CVE Alert: CVE-2025-12384 – bplugins – Document Embedder – Embed PDFs, Word, Excel, and Other Files

CVE-2025-12384

HIGH | No exploitation known

The Document Embedder – Embed PDFs, Word, Excel, and Other Files plugin for WordPress is vulnerable to unauthorized access/modification/loss of data in all versions up to, and including, 2.0.0. This is due to the plugin not properly verifying that a user is authorized to perform an action in the "bplde_save_document_library", "bplde_get_all", "bplde_get_single", and "bplde_delete_document_library" functions. This makes it possible for unauthenticated attackers to create, read, update, and delete arbitrary document_library posts.

CVSS v3.1 (8.6)
Vendor
bplugins
Product
Document Embedder – Embed PDFs, Word, Excel, and Other Files
Versions
* lte 2.0.0
CWE
CWE-862 Missing Authorization
Vector
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:H/A:L
Published
2025-11-05T06:35:02.300Z
Updated
2025-11-05T06:35:02.300Z

AI Summary Analysis

Risk verdict

High risk: unauthenticated remote attackers can create, read, update and delete document_library posts through the four unprotected functions. Treat as urgent where exploitation activity, a KEV listing or a high EPSS score is observed; no public exploitation is known at the time of publication.

Why this matters

The flaw lets unauthenticated attackers read, alter or delete document data without credentials, which can disrupt operations and undermine trust in the documents a site hosts. The CVSS vector rates integrity impact high (I:H) but confidentiality and availability low, so the primary concern is tampering with and removal of document_library records rather than wholesale data disclosure. Because the plugin is a commodity WordPress component, the same request works against every unpatched site that runs it, so the impact scales across installations.

Most likely attack path

The vector (AV:N/AC:L/PR:N/UI:N) describes remote, low-complexity abuse that needs neither credentials nor user interaction: an attacker who can reach whatever site entry point dispatches to bplde_save_document_library, bplde_get_all, bplde_get_single or bplde_delete_document_library can call them directly and supply their own parameters. Scope is unchanged (S:U), so the direct impact is confined to the affected site's document_library data; admin privileges are not required at any step.
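The advisory describes the classic CWE-862 shape: a handler that is reachable without a session and does real work before asking who the caller is. The following is an added illustration, not code from the Document Embedder plugin, showing that pattern beside a hardened version. It assumes, as a modelling choice, that the handlers are exposed as WordPress admin-ajax actions and that entries are stored as a `document_library` custom post type; the `demo_` function and action names, the nonce action `demo_doc_library` and the request fields are hypothetical.

```php
<?php
/**
 * Added illustration (not the plugin's code): a hypothetical WordPress AJAX
 * handler with the missing-authorization pattern the advisory describes,
 * beside a hardened version. Assumes admin-ajax.php actions and a
 * 'document_library' custom post type; all names are hypothetical.
 */

// ---- Vulnerable pattern -----------------------------------------------------
// Registering the nopriv hook makes the handler reachable with no session at all.
add_action( 'wp_ajax_demo_delete_document_library',        'demo_delete_document_library_vuln' );
add_action( 'wp_ajax_nopriv_demo_delete_document_library', 'demo_delete_document_library_vuln' );

function demo_delete_document_library_vuln() {
    $id = absint( $_POST['id'] ?? 0 );
    // No nonce, no capability check, no post-type check: any visitor who can
    // send a POST deletes whatever post ID they name.
    wp_delete_post( $id, true );
    wp_send_json_success();
}

// ---- Hardened pattern -------------------------------------------------------
// Only the logged-in hook is registered; the nopriv variant is deliberately absent.
add_action( 'wp_ajax_demo_delete_document_library_safe', 'demo_delete_document_library_safe' );
add_action( 'wp_ajax_demo_save_document_library_safe',   'demo_save_document_library_safe' );

function demo_delete_document_library_safe() {
    // 1. CSRF: the client sends a nonce created with wp_create_nonce( 'demo_doc_library' )
    //    in the 'nonce' field; check_ajax_referer() dies with HTTP 403 if it is invalid.
    check_ajax_referer( 'demo_doc_library', 'nonce' );

    $id   = absint( $_POST['id'] ?? 0 );
    $post = get_post( $id );

    // 2. Object check: only entries of the expected type are in play, so the
    //    handler cannot be pointed at arbitrary posts.
    if ( ! $post || 'document_library' !== $post->post_type ) {
        wp_send_json_error( array( 'message' => 'not found' ), 404 );
    }

    // 3. Authorization: the meta capability resolves ownership and role for this post.
    if ( ! current_user_can( 'delete_post', $post->ID ) ) {
        wp_send_json_error( array( 'message' => 'forbidden' ), 403 );
    }

    wp_delete_post( $post->ID, true );
    wp_send_json_success( array( 'deleted' => $post->ID ) );
}

function demo_save_document_library_safe() {
    check_ajax_referer( 'demo_doc_library', 'nonce' );

    // Creating entries requires a capability; sanitize everything taken from the request.
    if ( ! current_user_can( 'edit_posts' ) ) {
        wp_send_json_error( array( 'message' => 'forbidden' ), 403 );
    }

    $title   = sanitize_text_field( wp_unslash( $_POST['title'] ?? '' ) );
    $content = wp_kses_post( wp_unslash( $_POST['content'] ?? '' ) );

    $post_id = wp_insert_post( array(
        'post_type'    => 'document_library',
        'post_status'  => 'publish',
        'post_title'   => $title,
        'post_content' => $content,
    ), true );

    if ( is_wp_error( $post_id ) ) {
        wp_send_json_error( array( 'message' => $post_id->get_error_message() ), 500 );
    }
    wp_send_json_success( array( 'id' => $post_id ) );
}
```

Three things change in the hardened version, and an auditor can check for each independently: the unauthenticated `wp_ajax_nopriv_` registration is gone, every handler verifies a nonce before touching state, and the capability check is tied to the specific object (`delete_post` with a post ID) rather than to a generic "is logged in" test. The `wp_send_json_error()` calls terminate the request, so no fall-through to the write path is possible.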

Who is most exposed

WordPress deployments using this plugin (versions ≤2.0.0), especially self-hosted or poorly patched instances exposed to the internet, are most at risk.

Detection ideas

  • Requests that invoke bplde_save_document_library, bplde_get_all, bplde_get_single or bplde_delete_document_library from clients that present no WordPress login cookie, particularly where the response is a 2xx rather than a 403.
  • Bursts of create/update/delete activity on document_library posts from a single source address, or outside normal editorial hours.
  • Write requests to bplde_save_document_library carrying unusually large or script-bearing payloads aimed at document metadata.
  • After patching, a change in status pattern for these calls (anonymous requests moving from 200 to 403) confirms the fix is in place; continued anonymous 200s indicate an unpatched host.
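The detection ideas above turned into a small checker. This is an added example, not part of the advisory or the plugin; it assumes a constructed log format of one JSON object per line, as a reverse proxy or WAF might emit, carrying the client IP, HTTP status, the request's `action` parameter and a flag for whether a `wordpress_logged_in_*` cookie accompanied the request. Field names, the threshold and the sample lines are all assumptions.

```php
<?php
/**
 * Added example (not from the advisory or the plugin): flag suspicious calls
 * to the four affected actions in request logs. Assumed log format: JSON
 * lines with fields ip, action, status, wp_logged_in_cookie and body.
 */

const WATCHED_ACTIONS = [
    'bplde_save_document_library',
    'bplde_get_all',
    'bplde_get_single',
    'bplde_delete_document_library',
];

const BURST_THRESHOLD = 3; // watched-action requests from one IP within the sample window (assumed)

/**
 * Returns findings as [ip, action, reason] triples.
 */
function flag_document_library_abuse(string $jsonl): array {
    $findings = [];
    $perIp    = [];

    foreach (preg_split('/\R/', trim($jsonl)) as $line) {
        $r = json_decode($line, true);
        if (!is_array($r) || empty($r['action'])) {
            continue;
        }
        if (!in_array($r['action'], WATCHED_ACTIONS, true)) {
            continue;
        }
        $ip          = $r['ip'] ?? 'unknown';
        $perIp[$ip]  = ($perIp[$ip] ?? 0) + 1;
        $status      = (int) ($r['status'] ?? 0);

        // A watched action served successfully with no login cookie: the
        // unauthenticated path the advisory describes.
        if (empty($r['wp_logged_in_cookie']) && $status >= 200 && $status < 300) {
            $findings[] = [$ip, $r['action'], 'unauthenticated success'];
        }

        // Write action with an oversized or script-bearing payload.
        $body = (string) ($r['body'] ?? '');
        if ($r['action'] === 'bplde_save_document_library'
            && (strlen($body) > 4096 || stripos($body, '<script') !== false)) {
            $findings[] = [$ip, $r['action'], 'suspicious payload'];
        }
    }

    // Burst of CRUD activity from one source.
    foreach ($perIp as $ip => $n) {
        if ($n >= BURST_THRESHOLD) {
            $findings[] = [$ip, '*', "burst of $n watched requests"];
        }
    }
    return $findings;
}

// Constructed sample log, not real traffic.
$sample = <<<'LOG'
{"ip":"203.0.113.7","action":"bplde_get_all","status":200,"wp_logged_in_cookie":false,"body":""}
{"ip":"203.0.113.7","action":"bplde_delete_document_library","status":200,"wp_logged_in_cookie":false,"body":"id=12"}
{"ip":"203.0.113.7","action":"bplde_delete_document_library","status":200,"wp_logged_in_cookie":false,"body":"id=13"}
{"ip":"198.51.100.2","action":"bplde_get_single","status":200,"wp_logged_in_cookie":true,"body":"id=5"}
{"ip":"198.51.100.9","action":"bplde_save_document_library","status":200,"wp_logged_in_cookie":true,"body":"title=x&content=<script>alert(1)</script>"}
{"ip":"192.0.2.4","action":"","status":200,"wp_logged_in_cookie":false,"body":""}
LOG;

foreach (flag_document_library_abuse($sample) as [$ip, $action, $reason]) {
    printf("%-15s %-32s %s\n", $ip, $action, $reason);
}
```

Against the constructed sample the checker reports three unauthenticated successes and one burst for 203.0.113.7, one suspicious payload for 198.51.100.9, and nothing for the logged-in read from 198.51.100.2. On a real deployment the `action` parameter usually travels in the POST body, so a plain combined-format access log will not contain it; capture it at the WAF or reverse proxy, or log it from within WordPress, before relying on this kind of rule.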

Mitigation and prioritisation

  • Update to a release later than 2.0.0 once the vendor publishes one; all versions up to and including 2.0.0 are affected, so until then remove or disable the plugin where it is not essential.
  • In front of unpatched sites, add a WAF or reverse-proxy rule that drops requests invoking the four affected actions unless a WordPress login cookie is present, and make sure the application itself enforces authentication and a capability check on every document library operation rather than relying on the perimeter alone.
  • Audit document_library posts for entries created, modified or deleted outside normal workflows and restore from a known-good backup where tampering is found; run WordPress and its database with least-privilege accounts so a compromised handler cannot reach further.
  • Change-management: schedule patching during a maintenance window; verify plugin file integrity and version post-update.
  • If the CVE is added to KEV or EPSS reaches 0.5 or above, treat as priority 1.
