VulnTitan VulnTitan Security command center
Plugin Vulnerability Hub
Plugin 4 known issues Latest disclosed Jan 27, 2026

Document Embedder – Embed PDFs, Word, Excel, and Other Files Vulnerabilities

Review known vulnerability records for the WordPress plugin Document Embedder – Embed PDFs, Word, Excel, and Other Files (`document-emberdder`), including severity, CVE references, affected versions, and patch status.

Recent tracked CVEs on this page include CVE-2026-1389, CVE-2025-12384 and CVE-2021-24868, so operators can jump from disclosure to patch validation without scanning the full feed first.

View on WordPress.org Back to Feed
Known Records
4
High or Critical
1
Patch Coverage
100%
Last Updated
Mar 27, 2026
Priority CVE Quick Links

Fast paths into Document Embedder – Embed PDFs, Word, Excel, and Other Files CVE reports

Start with the highest-signal CVE records for this WordPress plugin before scanning the full vulnerability feed.

Indexed CVEs
4
CVE-2025-12384 High 2.0.1
CVE-2025-12384 Document Embedder – Embed PDFs, Word, Excel, and Other Files Vulnerability

Document Embedder – Embed PDFs, Word, Excel, and Other Files <= 2.0.0 - Missing Authorization to Unauthenticated Document Manipulation

CVE-2021-24775 Medium 1.7.6
CVE-2021-24775 Document Embedder – Embed PDFs, Word, Excel, and Other Files Vulnerability

Document Embedder < 1.7.6 - Sensitive Data Exposure

CVE-2026-1389 Medium 2.0.5
CVE-2026-1389 Document Embedder – Embed PDFs, Word, Excel, and Other Files Authorization Bypass

Document Embedder <= 2.0.4 - Insecure Direct Object Reference to Authenticated (Author+) Arbitrary Document Library Entry Deletion

CVE-2021-24868 Medium 1.7.9
CVE-2021-24868 Document Embedder – Embed PDFs, Word, Excel, and Other Files Vulnerability

Document Embedder <= 1.7.8 - Subscriber+ Arbitrary Private/Draft Post Title Disclosure

Coverage Snapshot

What this page helps you verify fast

This hub clusters every indexed record for Document Embedder – Embed PDFs, Word, Excel, and Other Files so operators can confirm whether a disclosed issue maps to the installed slug, version range, and patch path.

Patch Visibility
4 records include a published patch path, leaving 0 with no listed safe release yet.
Severity Mix
0 critical and 1 high severity finding.
Recent CVEs
CVE-2026-1389, CVE-2025-12384 and CVE-2021-24868
Reference Workflow
Jump from the hub into the full report when you need remediation notes, exploit context, CVSS vectors, or source references.
Triage First

Open the records most likely to drive action

These recent records surface the CVE strings, patch cues, and direct report links most operators need first.

Known Vulnerabilities

Reports for Document Embedder – Embed PDFs, Word, Excel, and Other Files

Sorted by latest disclosure date so newly published issues surface first.

Plugin Medium Patched: Yes CVE-2026-1389
CVE-2026-1389: Document Embedder <= 2.0.4 - Insecure Direct Object Reference to Authenticated (Author+) Arbitrary Document Library Entry Deletion

The Document Embedder – Embed PDFs, Word, Excel, and Other Files plugin for WordPress is vulnerable to Insecure Direct Object Reference in all versions up to, and including, 2.0.4. This is due to the plugin not verifying that a user has permission to access the requested resource...

Published
Jan 27, 2026
Patched Release
2.0.5
Affected Versions
Versions up to 2.0.4
Next Step
Update to 2.0.5 or newer if supported.
Open CVE-2026-1389 Report Open CVE Reference
Plugin High Patched: Yes CVE-2025-12384
CVE-2025-12384: Document Embedder – Embed PDFs, Word, Excel, and Other Files <= 2.0.0 - Missing Authorization to Unauthenticated Document Manipulation

The Document Embedder – Embed PDFs, Word, Excel, and Other Files plugin for WordPress is vulnerable to unauthorized access/modification/loss of data in all versions up to, and including, 2.0.0. This is due to the plugin not properly verifying that a user is authorized to perform...

Published
Nov 04, 2025
Patched Release
2.0.1
Affected Versions
Versions up to 2.0.0
Next Step
Update to 2.0.1 or newer if supported.
Open CVE-2025-12384 Report Open CVE Reference
Plugin Medium Patched: Yes CVE-2021-24868
CVE-2021-24868: Document Embedder <= 1.7.8 - Subscriber+ Arbitrary Private/Draft Post Title Disclosure

The Document Embedder WordPress plugin before 1.7.9 contains a AJAX action endpoint, which could allow any authenticated user, such as subscriber to enumerate the title of arbitrary private and draft posts.

Published
Jan 03, 2022
Patched Release
1.7.9
Affected Versions
Versions before 1.7.9
Next Step
Update to 1.7.9 or newer if supported.
Open CVE-2021-24868 Report Open CVE Reference
Plugin Medium Patched: Yes CVE-2021-24775
CVE-2021-24775: Document Embedder < 1.7.6 - Sensitive Data Exposure

The Document Embedder WordPress plugin before 1.7.6 contains a REST endpoint, which could allow unauthenticated users to enumerate the title of arbitrary private and draft posts.

Published
Jan 03, 2022
Patched Release
1.7.6
Affected Versions
Versions before 1.7.5
Next Step
Update to 1.7.6 or newer if supported.
Open CVE-2021-24775 Report Open CVE Reference