CVE-2025-12384

8.6 HIGH

📋 TL;DR

This vulnerability in the Document Embedder WordPress plugin allows unauthenticated attackers to perform CRUD operations (create, read, update, delete) on document library posts without authorization. All WordPress sites using this plugin up to version 2.0.0 are affected. Attackers can manipulate or steal sensitive documents uploaded through the plugin.

💻 Affected Systems

Products:
  • Document Embedder – Embed PDFs, Word, Excel, and Other Files WordPress plugin
Versions: All versions up to and including 2.0.0
Operating Systems: Any OS running WordPress
Default Config Vulnerable: ⚠️ Yes
Notes: All WordPress installations with the vulnerable plugin version are affected regardless of configuration.

⚠️ Manual Verification Required

This CVE does not have specific version information in our database, so automatic vulnerability detection cannot determine if your system is affected.

Why? The CVE database entry doesn't specify which versions are vulnerable (no version ranges provided by the vendor/NVD).


Recommended Actions:
  1. Review the CVE details at NVD
  2. Check vendor security advisories for your specific version
  3. Test if the vulnerability is exploitable in your environment
  4. Consider updating to the latest version as a precaution

⚠️ Risk & Real-World Impact

🔴 Worst Case

Complete compromise of all documents managed by the plugin, including theft of sensitive files, defacement of document libraries, or deletion of critical business documents.

🟠 Likely Case

Unauthorized access to confidential documents, data exfiltration, or manipulation of document content by opportunistic attackers scanning for vulnerable sites.

🟢 If Mitigated

Limited impact if plugin is disabled or access controls are implemented at the web server level, though the vulnerability remains present.

🌐 Internet-Facing: HIGH
🏢 Internal Only: MEDIUM

🎯 Exploit Status

Public PoC: ✅ No
Weaponized: LIKELY
Unauthenticated Exploit: ⚠️ Yes
Complexity: LOW

The vulnerability is straightforward to exploit: the affected plugin API endpoints accept requests without any authentication, so no credentials are needed to reach them.

🛠️ Fix & Mitigation

✅ Official Fix

Patch Version: Version after 2.0.0

Vendor Advisory: https://plugins.trac.wordpress.org/changeset?old=3359820&old_path=document-emberdder%2Ftrunk%2Fdocument-library-block.php&new=&new_path=document-emberdder%2Ftrunk%2Fdocument-library-block.php

Restart Required: No

Instructions:

  1. Log into the WordPress admin panel.
  2. Navigate to Plugins → Installed Plugins.
  3. Find 'Document Embedder' and click 'Update Now' if available.
  4. If no update is available, deactivate and delete the plugin, then install the latest version from the WordPress repository.

🔧 Temporary Workarounds

Disable vulnerable plugin (platform: all)

Temporarily deactivate the Document Embedder plugin to prevent exploitation.

wp plugin deactivate document-embedder

Web server access restriction (platform: linux)

Block access to vulnerable endpoints using web server rules.

Apache (in the site's VirtualHost or .htaccess; Order/Deny directives require mod_access_compat on Apache 2.4, where the native equivalent is "Require all denied"):

<LocationMatch "(bplde_save_document_library|bplde_get_all|bplde_get_single|bplde_delete_document_library)">
    Order deny,allow
    Deny from all
</LocationMatch>

Nginx (inside the server block):

location ~ (bplde_save_document_library|bplde_get_all|bplde_get_single|bplde_delete_document_library) {
    deny all;
}

Both rules match only the URI path, not the query string. If the plugin exposes these actions through a query parameter (for example admin-ajax.php?action=bplde_...), that form is not blocked and needs a separate rule on the query string.

🧯 If You Can't Patch

  • Immediately deactivate the Document Embedder plugin via WordPress admin or command line.
  • Implement network-level filtering to block requests to the vulnerable endpoints (bplde_* functions).

🔍 How to Verify

Check if Vulnerable:

Check WordPress admin → Plugins → Installed Plugins for 'Document Embedder' version 2.0.0 or earlier.

Check Version:

wp plugin list --name=document-embedder --field=version

Verify Fix Applied:

Verify plugin version is greater than 2.0.0 in WordPress admin, or test if unauthenticated requests to /wp-json/document-embedder/ endpoints return 403/401 errors.

📡 Detection & Monitoring

Log Indicators:

  • Unusual POST/GET requests to /wp-json/document-embedder/v1/ endpoints from clients with no authenticated WordPress session
  • Multiple 200 responses to bplde_* API calls without corresponding user authentication logs

Network Indicators:

  • HTTP traffic to paths containing 'bplde_save_document_library', 'bplde_get_all', 'bplde_get_single', or 'bplde_delete_document_library' from external sources

SIEM Query:

source="web_logs" AND (uri_path="/wp-json/document-embedder/v1/*" OR uri_path="*bplde_*") AND http_status=200 AND NOT user_agent="*bot*" | stats count by src_ip
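As an added example that is not part of this advisory, the log indicators and SIEM query above expressed as a small Python checker over constructed combined-format access-log lines. Only the /wp-json/document-embedder/v1/ prefix and the bplde_* action names come from the advisory; the REST sub-paths and IP addresses in the sample are placeholders. The checker also catches an action passed as a query parameter, which a path-only rule misses, and does not exclude bot-like user agents because that header is attacker-controlled.

```python
import re
from collections import Counter
from urllib.parse import urlsplit, parse_qs

# Combined log format (Apache/nginx default): ip ident user [time] "method target proto" status size "referer" "ua"
LOG_RE = re.compile(
    r'^(?P<ip>\S+) \S+ \S+ \[[^\]]+\] "(?P<method>[A-Z]+) (?P<target>\S+) [^"]*" '
    r'(?P<status>\d{3}) \S+ "[^"]*" "(?P<ua>[^"]*)"$'
)

# Endpoint names are those listed in the advisory above.
BPLDE_ACTIONS = {"bplde_save_document_library", "bplde_get_all",
                 "bplde_get_single", "bplde_delete_document_library"}
REST_PREFIX = "/wp-json/document-embedder/v1/"


def is_plugin_endpoint(target):
    # Match the REST namespace, an action name in the path, or an action passed as a
    # query parameter (e.g. admin-ajax.php?action=bplde_get_all). A path-only web
    # server rule would miss the last form.
    parts = urlsplit(target)
    if parts.path.startswith(REST_PREFIX) or any(a in parts.path for a in BPLDE_ACTIONS):
        return True
    return any(v in BPLDE_ACTIONS for vs in parse_qs(parts.query).values() for v in vs)


def find_suspicious(lines):
    # Count successful (2xx) hits on the plugin endpoints per source IP. Unlike the
    # SIEM query above, bot-like user agents are NOT excluded: the User-Agent header
    # is attacker-controlled and is not a trust signal.
    hits = Counter()
    for line in lines:
        m = LOG_RE.match(line.strip())
        if not m:
            continue  # unparseable line; a production pipeline should count these
        if m.group("status").startswith("2") and is_plugin_endpoint(m.group("target")):
            hits[m.group("ip")] += 1
    return dict(hits)


# Constructed sample log lines (not real traffic; RFC 5737 documentation addresses,
# REST sub-paths are placeholders).
SAMPLE_LOG = [
    '203.0.113.7 - - [10/Nov/2025:10:01:02 +0000] "POST /wp-json/document-embedder/v1/save HTTP/1.1" 200 51 "-" "python-requests/2.31"',
    '203.0.113.7 - - [10/Nov/2025:10:01:03 +0000] "GET /wp-admin/admin-ajax.php?action=bplde_get_all HTTP/1.1" 200 2048 "-" "Mozilla/5.0 bot"',
    '198.51.100.4 - - [10/Nov/2025:10:02:10 +0000] "GET /wp-json/document-embedder/v1/list HTTP/1.1" 401 39 "-" "curl/8.4"',
    '192.0.2.9 - - [10/Nov/2025:10:03:00 +0000] "GET /sample-page/ HTTP/1.1" 200 9001 "-" "Mozilla/5.0"',
]
```

Running find_suspicious(SAMPLE_LOG) flags only 203.0.113.7 (two successful hits); the 401 response and the ordinary page view are ignored.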
