CVE-2026-1389
- EPSS 0.04%
- Veröffentlicht 28.01.2026 07:27:34
- Zuletzt bearbeitet 29.01.2026 16:31:35
The Document Embedder – Embed PDFs, Word, Excel, and Other Files plugin for WordPress is vulnerable to Insecure Direct Object Reference in all versions up to, and including, 2.0.4. This is due to the plugin not verifying that a user has permission to...
CVE-2025-12384
- EPSS 0.11%
- Veröffentlicht 05.11.2025 06:35:02
- Zuletzt bearbeitet 06.11.2025 19:45:30
The Document Embedder – Embed PDFs, Word, Excel, and Other Files plugin for WordPress is vulnerable to unauthorized access/modification/loss of data in all versions up to, and including, 2.0.0. This is due to the plugin not properly verifying that a ...
CVE-2021-24775
- EPSS 0.62%
- Veröffentlicht 01.02.2022 13:15:08
- Zuletzt bearbeitet 21.11.2024 05:53:44
The Document Embedder WordPress plugin before 1.7.5 contains a REST endpoint, which could allow unauthenticated users to enumerate the title of arbitrary private and draft posts.
CVE-2021-24868
- EPSS 0.27%
- Veröffentlicht 01.02.2022 13:15:08
- Zuletzt bearbeitet 21.11.2024 05:53:55
The Document Embedder WordPress plugin before 1.7.9 contains a AJAX action endpoint, which could allow any authenticated user, such as subscriber to enumerate the title of arbitrary private and draft posts.