WordPress plugin Document Library Lite 安全漏洞

WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a blogging platform developed using the PHP language. The platform has the ability to host personal blog sites on PHP and MySQL based servers.WordPress plugin is an application plugin. A security vulnerabili...

PT-2025-51441

Name of the Vulnerable Software and Affected Versions Barn2 Plugins Document Library Lite versions through 1.1.7 Description The Document Library Lite plugin contains a flaw related to improper input handling during web page generation, leading to a Cross-site Scripting XSS condition. This specif...

PT-2025-51440

Name of the Vulnerable Software and Affected Versions Barn2 Plugins Document Library Lite versions through 1.1.7 Description An authorization bypass exists due to incorrectly configured access control security levels in Barn2 Plugins Document Library Lite. This allows for unauthorized access. The...

WordPress Document Library Lite plugin <= 1.1.7 - Insecure Direct Object References (IDOR) vulnerability

Insecure Direct Object References IDOR vulnerability discovered by Zeeshan Haider in WordPress Plugin Document Library Lite versions = 1.1.7...

WordPress Document Library Lite plugin <= 1.1.7 - Cross Site Scripting (XSS) vulnerability

Cross Site Scripting XSS vulnerability discovered by Zeeshan Haider in WordPress Plugin Document Library Lite versions = 1.1.7...

CVE-2025-12384

The Document Embedder – Embed PDFs, Word, Excel, and Other Files plugin for WordPress is vulnerable to unauthorized access/modification/loss of data in all versions up to, and including, 2.0.0. This is due to the plugin not properly verifying that a user is authorized to perform an action in the...

CVE-2025-12384

The Document Embedder – Embed PDFs, Word, Excel, and Other Files plugin for WordPress is vulnerable to unauthorized access/modification/loss of data in all versions up to, and including, 2.0.0. This is due to the plugin not properly verifying that a user is authorized to perform an action in the...

CVE-2025-12384

CVE-2025-12384 affects the WordPress plugin “Document Embedder – Embed PDFs, Word, Excel, and Other Files” (versions ≤ 2.0.0). The root cause is missing authorization checks in functions bplde_save_document_library, bplde_get_all, bplde_get_single, and bplde_delete_document_library, allowing unau...

CVE-2025-12384 Document Embedder – Embed PDFs, Word, Excel, and Other Files <= 2.0.0 - Missing Authorization to Unauthenticated Document Manipulation

The Document Embedder – Embed PDFs, Word, Excel, and Other Files plugin for WordPress is vulnerable to unauthorized access/modification/loss of data in all versions up to, and including, 2.0.0. This is due to the plugin not properly verifying that a user is authorized to perform an action in the...

CVE-2025-12384 Document Embedder – Embed PDFs, Word, Excel, and Other Files <= 2.0.0 - Missing Authorization to Unauthenticated Document Manipulation

The Document Embedder – Embed PDFs, Word, Excel, and Other Files plugin for WordPress is vulnerable to unauthorized access/modification/loss of data in all versions up to, and including, 2.0.0. This is due to the plugin not properly verifying that a user is authorized to perform an action in the...

PT-2025-45089

Name of the Vulnerable Software and Affected Versions Document Embedder – Embed PDFs, Word, Excel, and Other Files plugin for WordPress versions up to and including 2.0.0 Description The Document Embedder plugin for WordPress is susceptible to unauthorized access, modification, and potential data...

WordPress plugin Document Embedder – Embed PDFs Word Excel and Other Files 安全漏洞

WordPress and the WordPress plugin are products of the WordPress Foundation, a blogging platform developed in the PHP language. The platform has the ability to host personal blog sites on PHP and MySQL based servers.WordPress plugin is an application plugin. WordPress plugin Document Embedder -...

WordPress Document Library Lite plugin improper authorization vulnerability

WordPress Document Library Lite plugin is a WordPress plugin for creating document libraries and download management features with support for multiple file types and responsive layouts. The WordPress Document Library Lite plugin suffers from an improper authorization vulnerability that stems fro...

WordPress Document Library Lite plugin <= 1.1.6 - Missing Authorization to Sensitive Information Exposure vulnerability

Missing Authorization to Sensitive Information Exposure vulnerability discovered by Avraham Shemesh and Kai Aizen in WordPress Plugin Document Library Lite versions = 1.1.6...

Exploit for CVE-2025-11174

CVE-2025-11174: Unauthenticated Information Disclosure in Word...

CVE-2025-11174

The Document Library Lite plugin for WordPress is vulnerable to Improper Authorization in all versions up to, and including, 1.1.6. This is due to the plugin exposing an unauthenticated AJAX action dllloadposts which returns a JSON table of document data without performing nonce or capability...

EUVD-2025-37407

The Document Library Lite plugin for WordPress is vulnerable to Improper Authorization in all versions up to, and including, 1.1.6. This is due to the plugin exposing an unauthenticated AJAX action dllloadposts which returns a JSON table of document data without performing nonce or capability...

CVE-2025-11174

The Document Library Lite plugin for WordPress is vulnerable to Improper Authorization in all versions up to, and including, 1.1.6. This is due to the plugin exposing an unauthenticated AJAX action dllloadposts which returns a JSON table of document data without performing nonce or capability...

CVE-2025-11174

CVE-2025-11174 affects WordPress Document Library Lite plugin. All versions up to 1.1.6 permit improper authorization via an unauthenticated AJAX action (dll_load_posts) exposed through wp-admin/admin-ajax.php, returning a JSON table of document data without nonce or capability checks. The attack...

CVE-2025-11174 Document Library Lite <= 1.1.6 - Missing Authorization to Sensitive Information Exposure

The Document Library Lite plugin for WordPress is vulnerable to Improper Authorization in all versions up to, and including, 1.1.6. This is due to the plugin exposing an unauthenticated AJAX action dllloadposts which returns a JSON table of document data without performing nonce or capability...