CVE-2026-1389

The Document Embedder – Embed PDFs, Word, Excel, and Other Files plugin for WordPress is vulnerable to Insecure Direct Object Reference in all versions up to, and including, 2.0.4. This is due to the plugin not verifying that a user has permission to access the requested resource in the...

PT-2026-5079

The Document Embedder – Embed PDFs, Word, Excel, and Other Files plugin for WordPress is vulnerable to Insecure Direct Object Reference in all versions up to, and including, 2.0.4. This is due to the plugin not verifying that a user has permission to access the requested resource in the 'bplde sa...

CVE-2025-12384

CVE-2025-12384 affects the WordPress plugin “Document Embedder – Embed PDFs, Word, Excel, and Other Files” (versions ≤ 2.0.0). The root cause is missing authorization checks in functions bplde_save_document_library, bplde_get_all, bplde_get_single, and bplde_delete_document_library, allowing unau...

CVE-2021-24775

The Document Embedder WordPress plugin before 1.7.5 contains a REST endpoint, which could allow unauthenticated users to enumerate the title of arbitrary private and draft posts...