19 matches found

ATTACKERKB · added 2026/01/28 7:27 a.m. · 4 views

CVE-2026-1389

The Document Embedder – Embed PDFs, Word, Excel, and Other Files plugin for WordPress is vulnerable to Insecure Direct Object Reference in all versions up to, and including, 2.0.4. This is due to the plugin not verifying that a user has permission to access the requested resource in the...

CVSS 5.3 · AI score 5.9 · EPSS 0.00052
Exploits: 0 · References: 6
Positive Technologies · added 2026/01/28 12:0 a.m. · 2 views

PT-2026-5079

The Document Embedder – Embed PDFs, Word, Excel, and Other Files plugin for WordPress is vulnerable to Insecure Direct Object Reference in all versions up to, and including, 2.0.4. This is due to the plugin not verifying that a user has permission to access the requested resource in the 'bplde sa...

CVSS 5.3 · AI score 5.9 · EPSS 0.00052
Exploits: 0 · References: 6
Patchstack · added 2025/12/31 12:0 a.m. · 3 views

WordPress Simplebooklet PDF Viewer and Embedder plugin <= 1.1.2 - Authenticated (Contributor+) Stored Cross-Site Scripting vulnerability

Authenticated Contributor+ Stored Cross-Site Scripting vulnerability discovered by zakaria in WordPress Plugin Simplebooklet PDF Viewer and Embedder versions <= 1.1.2...

CVSS 6.4 · AI score 5.3 · EPSS 0.00114
Exploits: 0 · References: 1 · Affected Software: 1
CVE · added 2025/11/05 6:35 a.m. · 10 views

CVE-2025-12384

CVE-2025-12384 affects the WordPress plugin “Document Embedder – Embed PDFs, Word, Excel, and Other Files” (versions ≤ 2.0.0). The root cause is missing authorization checks in functions bplde_save_document_library, bplde_get_all, bplde_get_single, and bplde_delete_document_library, allowing unau...

CVSS 8.6 · AI score 5.7 · EPSS 0.00147
Exploits: 0 · References: 3
EUVD · added 2025/10/07 12:30 a.m. · 1 views

EUVD-2015-1985

Malware in sbrugna...

CVSS 4.3 · AI score 6.2 · EPSS 0.00195
Exploits: 1 · References: 4
EUVD · added 2025/10/03 8:7 p.m. · 1 views

EUVD-2024-21003

Malicious code in bioql PyPI...

CVSS 7.1 · AI score 7 · EPSS 0.00083
Exploits: 0 · References: 1
RedhatCVE · added 2025/05/22 10:9 a.m. · 2 views

CVE-2019-19589

The Lever PDF Embedder plugin 4.4 for WordPress does not block the distribution of polyglot PDF documents that are valid JAR archives. Note: It has been argued that "The vulnerability reported in PDF Embedder Plugin is not valid as the plugin itself doesn't control or manage the file upload...

CVSS 9.8 · AI score 6.9 · EPSS 0.00418
Exploits: 1 · References: 1
RedhatCVE · added 2025/04/12 8:10 a.m. · 17 views

CVE-2025-3417

The Embedder plugin for WordPress is vulnerable to unauthorized modification of data that can lead to privilege escalation due to a missing capability check on the ajaxsetglobaloption function in versions 1.3 to 1.3.5. This makes it possible for authenticated attackers, with Subscriber-level acce...

CVSS 8.8 · AI score 7.5 · EPSS 0.0034
Exploits: 0 · References: 1
Vulnrichment · added 2025/04/10 7:2 a.m. · 6 views

CVE-2025-3417 Embedder 1.3 - 1.3.5 - Authenticated (Subscriber+) Arbitrary Options Update

The Embedder plugin for WordPress is vulnerable to unauthorized modification of data that can lead to privilege escalation due to a missing capability check on the ajaxsetglobaloption function in versions 1.3 to 1.3.5. This makes it possible for authenticated attackers, with Subscriber-level acce...

CVSS 8.8 · AI score 7.2 · EPSS 0.0034
Exploits: 0 · References: 2
Cvelist · added 2025/04/10 7:2 a.m. · 14 views

CVE-2025-3417 Embedder 1.3 - 1.3.5 - Authenticated (Subscriber+) Arbitrary Options Update

The Embedder plugin for WordPress is vulnerable to unauthorized modification of data that can lead to privilege escalation due to a missing capability check on the ajaxsetglobaloption function in versions 1.3 to 1.3.5. This makes it possible for authenticated attackers, with Subscriber-level acce...

CVSS 8.8 · EPSS 0.0034
Exploits: 0 · References: 2
Positive Technologies · added 2025/04/10 12:0 a.m. · 3 views

PT-2025-15923 · WordPress · Embedder

Name of the Vulnerable Software and Affected Versions: Embedder plugin for WordPress versions 1.3 to 1.3.5 Description: The issue allows unauthorized modification of data, leading to privilege escalation due to a missing capability check on the ajax set global option function. This enables...

CVSS 8.8 · AI score 9.1 · EPSS 0.0034
Exploits: 0 · References: 8
Patchstack · added 2025/04/09 10:10 p.m. · 5 views

WordPress Embedder plugin 1.3-1.3.5 - Authenticated (Subscriber+) Arbitrary Options Update vulnerability

Authenticated Subscriber+ Arbitrary Options Update vulnerability discovered by kr0d in WordPress Plugin Embedder versions 1.3-1.3.5...

CVSS 8.8 · AI score 8.3 · EPSS 0.0034
Exploits: 0 · References: 1 · Affected Software: 1
Patchstack · added 2025/03/28 12:52 p.m. · 1 views

WordPress Video Embedder plugin <= 1.7.1 - Cross Site Request Forgery (CSRF) to Stored XSS vulnerability

Cross Site Request Forgery (CSRF) to Stored XSS vulnerability discovered by Nguyen Xuan Chien in WordPress Plugin Video Embedder versions <= 1.7.1...

CVSS 7.1 · AI score 6.1 · EPSS 0.00255
Exploits: 0 · Affected Software: 1
Cvelist · added 2025/03/28 11:54 a.m. · 9 views

CVE-2025-31458 WordPress Video Embedder plugin <= 1.7.1 - Cross Site Request Forgery (CSRF) to Stored XSS vulnerability

Cross-Site Request Forgery (CSRF) vulnerability in forsgren Video Embedder video-embedder allows Stored XSS. This issue affects Video Embedder: from n/a through <= 1.7.1...

CVSS 7.1 · EPSS 0.00255
Exploits: 0 · References: 1
Cvelist · added 2024/01/31 3:21 p.m. · 17 views

CVE-2024-23508 WordPress PDF Poster - PDF Embedder Plugin for WordPress Plugin <= 2.1.17 is vulnerable to Cross Site Scripting (XSS)

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in bPlugins PDF Poster – PDF Embedder Plugin for WordPress allows Reflected XSS. This issue affects PDF Poster – PDF Embedder Plugin for WordPress: from n/a through 2.1.17...

CVSS 7.1 · AI score 7.2 · EPSS 0.00083
Exploits: 0 · References: 1
CVE · added 2024/01/31 3:21 p.m. · 87 views

CVE-2024-23508

CVE-2024-23508 affects the WordPress plugin PDF Poster – PDF Embedder (bPlugins) up to version 2.1.17. Root cause is improper input neutralization leading to a reflected XSS. A fix is available in version 2.1.18; upgrade recommended. Other sources reiterate the same: vulnerable

CVSS 7.1 · AI score 7.1 · EPSS 0.00083
Exploits: 0 · References: 1 · Affected Software: 1
WPVulnDB · added 2024/01/26 12:0 a.m. · 13 views

PDF Poster - PDF Embedder Plugin for WordPress < 2.1.18 - Reflected Cross-Site Scripting

Description: The PDF Poster - PDF Embedder Plugin for WordPress plugin for WordPress is vulnerable to Reflected Cross-Site Scripting in versions up to, and including, 2.1.17 due to insufficient input sanitization and output escaping. This makes it possible for unauthenticated attackers to inject...

CVSS 5.8 · AI score 6.1 · EPSS 0.00083
Exploits: 0 · References: 1 · Affected Software: 1
OSV · added 2022/02/01 1:15 p.m. · 0 views

CVE-2021-24775

The Document Embedder WordPress plugin before 1.7.5 contains a REST endpoint, which could allow unauthenticated users to enumerate the title of arbitrary private and draft posts...

CVSS 5.3 · AI score 5.9
Exploits: 0 · References: 1
NVD · added 2019/12/05 4:15 a.m. · 12 views

CVE-2019-19589

The Lever PDF Embedder plugin 4.4 for WordPress does not block the distribution of polyglot PDF documents that are valid JAR archives. Note: It has been argued that "The vulnerability reported in PDF Embedder Plugin is not valid as the plugin itself doesn't control or manage the file upload...

CVSS 9.8 · AI score 9.5 · EPSS 0.00418
Exploits: 1 · References: 2