Lucene search
K

233 matches found

CVE
CVE
added 2026/01/28 7:27 a.m.18 views

CVE-2026-1389

CVE-2026-1389 affects the WordPress plugin Document Embedder (

4.3CVSS5.9AI score0.00194EPSS
Exploits0References5
Cvelist
Cvelist
added 2026/01/28 7:27 a.m.22 views

CVE-2026-1389 Document Embedder <= 2.0.4 - Insecure Direct Object Reference to Authenticated (Author+) Arbitrary Document Library Entry Deletion

The Document Embedder – Embed PDFs, Word, Excel, and Other Files plugin for WordPress is vulnerable to Insecure Direct Object Reference in all versions up to, and including, 2.0.4. This is due to the plugin not verifying that a user has permission to access the requested resource in the...

4.3CVSS0.00194EPSS
Exploits0References5
Vulnrichment
Vulnrichment
added 2026/01/28 7:27 a.m.3 views

CVE-2026-1389 Document Embedder <= 2.0.4 - Insecure Direct Object Reference to Authenticated (Author+) Arbitrary Document Library Entry Deletion

The Document Embedder – Embed PDFs, Word, Excel, and Other Files plugin for WordPress is vulnerable to Insecure Direct Object Reference in all versions up to, and including, 2.0.4. This is due to the plugin not verifying that a user has permission to access the requested resource in the...

4.3CVSS5.9AI score0.00194EPSS
Exploits0References5
ATTACKERKB
ATTACKERKB
added 2026/01/28 7:27 a.m.6 views

CVE-2026-1389

The Document Embedder – Embed PDFs, Word, Excel, and Other Files plugin for WordPress is vulnerable to Insecure Direct Object Reference in all versions up to, and including, 2.0.4. This is due to the plugin not verifying that a user has permission to access the requested resource in the...

5.3CVSS5.9AI score0.00194EPSS
Exploits0References6
EUVD
EUVD
added 2026/01/28 7:27 a.m.5 views

EUVD-2026-4916

The Document Embedder – Embed PDFs, Word, Excel, and Other Files plugin for WordPress is vulnerable to Insecure Direct Object Reference in all versions up to, and including, 2.0.4. This is due to the plugin not verifying that a user has permission to access the requested resource in the...

5.3CVSS5.9AI score0.00194EPSS
Exploits0References5
Positive Technologies
Positive Technologies
added 2026/01/28 12:0 a.m.8 views

PT-2026-5079

The Document Embedder – Embed PDFs, Word, Excel, and Other Files plugin for WordPress is vulnerable to Insecure Direct Object Reference in all versions up to, and including, 2.0.4. This is due to the plugin not verifying that a user has permission to access the requested resource in the 'bplde sa...

5.3CVSS5.9AI score0.00194EPSS
Exploits0References6
RedhatCVE
RedhatCVE
added 2026/01/09 10:51 a.m.8 views

CVE-2022-42113

A Cross-site scripting XSS vulnerability in Document Library module in Liferay Portal 7.4.3.30 through 7.4.3.36, and Liferay DXP 7.4 update 30 through update 36 allows remote attackers to inject arbitrary web script or HTML via the redirect parameter...

6.1CVSS5.9AI score0.00501EPSS
Exploits0References1
RedhatCVE
RedhatCVE
added 2025/12/17 10:3 a.m.8 views

CVE-2025-67986

Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in Barn2 Plugins Document Library Lite document-library-lite allows DOM-Based XSS.This issue affects Document Library Lite: from n/a through = 1.1.7...

5.9CVSS6.4AI score0.00176EPSS
Exploits0References1
RedhatCVE
RedhatCVE
added 2025/12/17 10:3 a.m.9 views

CVE-2025-67985

Authorization Bypass Through User-Controlled Key vulnerability in Barn2 Plugins Document Library Lite document-library-lite allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Document Library Lite: from n/a through = 1.1.7...

5.3CVSS7AI score0.00252EPSS
Exploits0References1
EUVD
EUVD
added 2025/12/16 9:31 a.m.4 views

EUVD-2025-203557

Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in Barn2 Plugins Document Library Lite document-library-lite allows DOM-Based XSS.This issue affects Document Library Lite: from n/a through = 1.1.7...

6.1CVSS5.9AI score0.00176EPSS
Exploits0References2
EUVD
EUVD
added 2025/12/16 9:31 a.m.6 views

EUVD-2025-203558

Authorization Bypass Through User-Controlled Key vulnerability in Barn2 Plugins Document Library Lite document-library-lite allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Document Library Lite: from n/a through = 1.1.7...

6.5AI score0.00252EPSS
Exploits0References2
NVD
NVD
added 2025/12/16 9:16 a.m.6 views

CVE-2025-67986

Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in Barn2 Plugins Document Library Lite document-library-lite allows DOM-Based XSS.This issue affects Document Library Lite: from n/a through = 1.1.7...

5.9CVSS0.00176EPSS
Exploits0References1
NVD
NVD
added 2025/12/16 9:16 a.m.5 views

CVE-2025-67985

Authorization Bypass Through User-Controlled Key vulnerability in Barn2 Plugins Document Library Lite document-library-lite allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Document Library Lite: from n/a through = 1.1.7...

5.3CVSS0.00252EPSS
Exploits0References1
CVE
CVE
added 2025/12/16 8:12 a.m.10 views

CVE-2025-67986

CVE-2025-67986: Barn2 Plugins Document Library Lite suffers DOM-based XSS due to improper input neutralization during web page generation. Affected: Document Library Lite (Barn2 Plugins) up to version 1.1.7. Impact: potential client-side script execution if user-supplied input is processed on the...

5.9CVSS6AI score0.00176EPSS
Exploits0References1
Vulnrichment
Vulnrichment
added 2025/12/16 8:12 a.m.4 views

CVE-2025-67986 WordPress Document Library Lite plugin <= 1.1.7 - Cross Site Scripting (XSS) vulnerability

Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in Barn2 Plugins Document Library Lite document-library-lite allows DOM-Based XSS.This issue affects Document Library Lite: from n/a through = 1.1.7...

5.9CVSS6AI score0.00176EPSS
Exploits0References1
CVE
CVE
added 2025/12/16 8:12 a.m.11 views

CVE-2025-67985

CVE-2025-67985 affects Document Library Lite (WordPress plugin) with an Unauthenticated Insecure Direct Object Reference due to insecure access controls. Impact recorded as medium (CVSS ~5.3) in the source; affected versions are Document Library Lite

5.3CVSS6.6AI score0.00252EPSS
Exploits0References1
Cvelist
Cvelist
added 2025/12/16 8:12 a.m.30 views

CVE-2025-67986 WordPress Document Library Lite plugin <= 1.1.7 - Cross Site Scripting (XSS) vulnerability

Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in Barn2 Plugins Document Library Lite document-library-lite allows DOM-Based XSS.This issue affects Document Library Lite: from n/a through = 1.1.7...

5.9CVSS0.00176EPSS
Exploits0References1
Vulnrichment
Vulnrichment
added 2025/12/16 8:12 a.m.3 views

CVE-2025-67985 WordPress Document Library Lite plugin <= 1.1.7 - Insecure Direct Object References (IDOR) vulnerability

Authorization Bypass Through User-Controlled Key vulnerability in Barn2 Plugins Document Library Lite document-library-lite allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Document Library Lite: from n/a through = 1.1.7...

5.3CVSS6.6AI score0.00252EPSS
Exploits0References1
Cvelist
Cvelist
added 2025/12/16 8:12 a.m.28 views

CVE-2025-67985 WordPress Document Library Lite plugin <= 1.1.7 - Insecure Direct Object References (IDOR) vulnerability

Authorization Bypass Through User-Controlled Key vulnerability in Barn2 Plugins Document Library Lite document-library-lite allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Document Library Lite: from n/a through = 1.1.7...

5.3CVSS0.00252EPSS
Exploits0References1
Positive Technologies
Positive Technologies
added 2025/12/16 12:0 a.m.5 views

PT-2025-51441

Name of the Vulnerable Software and Affected Versions Barn2 Plugins Document Library Lite versions through 1.1.7 Description The Document Library Lite plugin contains a flaw related to improper input handling during web page generation, leading to a Cross-site Scripting XSS condition. This specif...

6.1CVSS6.2AI score0.00176EPSS
Exploits0References3
Rows per page
Query Builder