CVE-2025-11174

The Document Library Lite plugin for WordPress is vulnerable to Improper Authorization in all versions up to, and including, 1.1.6. This is due to the plugin exposing an unauthenticated AJAX action dllloadposts which returns a JSON table of document data without performing nonce or capability...

EUVD-2025-37407

The Document Library Lite plugin for WordPress is vulnerable to Improper Authorization in all versions up to, and including, 1.1.6. This is due to the plugin exposing an unauthenticated AJAX action dllloadposts which returns a JSON table of document data without performing nonce or capability...

CVE-2025-11174

The Document Library Lite plugin for WordPress is vulnerable to Improper Authorization in all versions up to, and including, 1.1.6. This is due to the plugin exposing an unauthenticated AJAX action dllloadposts which returns a JSON table of document data without performing nonce or capability...

CVE-2025-11174 Document Library Lite <= 1.1.6 - Missing Authorization to Sensitive Information Exposure

The Document Library Lite plugin for WordPress is vulnerable to Improper Authorization in all versions up to, and including, 1.1.6. This is due to the plugin exposing an unauthenticated AJAX action dllloadposts which returns a JSON table of document data without performing nonce or capability...

CVE-2025-11174 Document Library Lite <= 1.1.6 - Missing Authorization to Sensitive Information Exposure

The Document Library Lite plugin for WordPress is vulnerable to Improper Authorization in all versions up to, and including, 1.1.6. This is due to the plugin exposing an unauthenticated AJAX action dllloadposts which returns a JSON table of document data without performing nonce or capability...

CVE-2025-11174

CVE-2025-11174 affects WordPress Document Library Lite plugin. All versions up to 1.1.6 permit improper authorization via an unauthenticated AJAX action (dll_load_posts) exposed through wp-admin/admin-ajax.php, returning a JSON table of document data without nonce or capability checks. The attack...

PT-2025-44695

Name of the Vulnerable Software and Affected Versions Document Library Lite versions prior to 1.1.7 Description The Document Library Lite plugin for WordPress has an issue with authorization. An unauthenticated AJAX action, dll load posts, exposes a JSON table of document data without proper...

Pimcore Preview Documents are not restricted to logged in users anymore

Summary Any call with the query argument ?pimcorepreview=true allows to view unpublished sites. Event if in incognito window. Due to the behaviour of how previews should work, this also applies to internal documents, say an intranet which could be really severe. Details In previous versions of...