233 matches found
CVE-2026-1389
CVE-2026-1389 affects the WordPress plugin Document Embedder (
CVE-2026-1389 Document Embedder <= 2.0.4 - Insecure Direct Object Reference to Authenticated (Author+) Arbitrary Document Library Entry Deletion
The Document Embedder – Embed PDFs, Word, Excel, and Other Files plugin for WordPress is vulnerable to Insecure Direct Object Reference in all versions up to, and including, 2.0.4. This is due to the plugin not verifying that a user has permission to access the requested resource in the...
CVE-2026-1389 Document Embedder <= 2.0.4 - Insecure Direct Object Reference to Authenticated (Author+) Arbitrary Document Library Entry Deletion
The Document Embedder – Embed PDFs, Word, Excel, and Other Files plugin for WordPress is vulnerable to Insecure Direct Object Reference in all versions up to, and including, 2.0.4. This is due to the plugin not verifying that a user has permission to access the requested resource in the...
CVE-2026-1389
The Document Embedder – Embed PDFs, Word, Excel, and Other Files plugin for WordPress is vulnerable to Insecure Direct Object Reference in all versions up to, and including, 2.0.4. This is due to the plugin not verifying that a user has permission to access the requested resource in the...
EUVD-2026-4916
The Document Embedder – Embed PDFs, Word, Excel, and Other Files plugin for WordPress is vulnerable to Insecure Direct Object Reference in all versions up to, and including, 2.0.4. This is due to the plugin not verifying that a user has permission to access the requested resource in the...
PT-2026-5079
The Document Embedder – Embed PDFs, Word, Excel, and Other Files plugin for WordPress is vulnerable to Insecure Direct Object Reference in all versions up to, and including, 2.0.4. This is due to the plugin not verifying that a user has permission to access the requested resource in the 'bplde sa...
CVE-2022-42113
A Cross-site scripting XSS vulnerability in Document Library module in Liferay Portal 7.4.3.30 through 7.4.3.36, and Liferay DXP 7.4 update 30 through update 36 allows remote attackers to inject arbitrary web script or HTML via the redirect parameter...
CVE-2025-67986
Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in Barn2 Plugins Document Library Lite document-library-lite allows DOM-Based XSS.This issue affects Document Library Lite: from n/a through = 1.1.7...
CVE-2025-67985
Authorization Bypass Through User-Controlled Key vulnerability in Barn2 Plugins Document Library Lite document-library-lite allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Document Library Lite: from n/a through = 1.1.7...
EUVD-2025-203557
Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in Barn2 Plugins Document Library Lite document-library-lite allows DOM-Based XSS.This issue affects Document Library Lite: from n/a through = 1.1.7...
EUVD-2025-203558
Authorization Bypass Through User-Controlled Key vulnerability in Barn2 Plugins Document Library Lite document-library-lite allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Document Library Lite: from n/a through = 1.1.7...
CVE-2025-67986
Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in Barn2 Plugins Document Library Lite document-library-lite allows DOM-Based XSS.This issue affects Document Library Lite: from n/a through = 1.1.7...
CVE-2025-67985
Authorization Bypass Through User-Controlled Key vulnerability in Barn2 Plugins Document Library Lite document-library-lite allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Document Library Lite: from n/a through = 1.1.7...
CVE-2025-67986
CVE-2025-67986: Barn2 Plugins Document Library Lite suffers DOM-based XSS due to improper input neutralization during web page generation. Affected: Document Library Lite (Barn2 Plugins) up to version 1.1.7. Impact: potential client-side script execution if user-supplied input is processed on the...
CVE-2025-67986 WordPress Document Library Lite plugin <= 1.1.7 - Cross Site Scripting (XSS) vulnerability
Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in Barn2 Plugins Document Library Lite document-library-lite allows DOM-Based XSS.This issue affects Document Library Lite: from n/a through = 1.1.7...
CVE-2025-67985
CVE-2025-67985 affects Document Library Lite (WordPress plugin) with an Unauthenticated Insecure Direct Object Reference due to insecure access controls. Impact recorded as medium (CVSS ~5.3) in the source; affected versions are Document Library Lite
CVE-2025-67986 WordPress Document Library Lite plugin <= 1.1.7 - Cross Site Scripting (XSS) vulnerability
Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in Barn2 Plugins Document Library Lite document-library-lite allows DOM-Based XSS.This issue affects Document Library Lite: from n/a through = 1.1.7...
CVE-2025-67985 WordPress Document Library Lite plugin <= 1.1.7 - Insecure Direct Object References (IDOR) vulnerability
Authorization Bypass Through User-Controlled Key vulnerability in Barn2 Plugins Document Library Lite document-library-lite allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Document Library Lite: from n/a through = 1.1.7...
CVE-2025-67985 WordPress Document Library Lite plugin <= 1.1.7 - Insecure Direct Object References (IDOR) vulnerability
Authorization Bypass Through User-Controlled Key vulnerability in Barn2 Plugins Document Library Lite document-library-lite allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Document Library Lite: from n/a through = 1.1.7...
PT-2025-51441
Name of the Vulnerable Software and Affected Versions Barn2 Plugins Document Library Lite versions through 1.1.7 Description The Document Library Lite plugin contains a flaw related to improper input handling during web page generation, leading to a Cross-site Scripting XSS condition. This specif...