CVE-2025-12384
BaseFortify
Publication date: 2025-11-05
Last updated on: 2025-11-06
Assigner: Wordfence
Description
Meta Information
Affected Vendors & Products
| Vendor | Product | Version / Range |
|---|---|---|
| wordfence | document_embedder | * |
Exploitability
| CWE ID | Description |
|---|---|
| CWE-862 | The product does not perform an authorization check when an actor attempts to access a resource or perform an action. |
AI Powered Q&A
Can you explain this vulnerability to me?
This vulnerability in the Document Embedder WordPress plugin allows unauthorized users to create, read, update, and delete document library posts. It occurs because several AJAX handler functions that manage document libraries are improperly exposed to unauthenticated users. Although nonce verification and user capability checks exist, sensitive AJAX actions like saving and deleting documents are registered for non-authenticated users, increasing the risk that attackers can bypass protections and manipulate documents without authorization. [1]
How can this vulnerability impact me?
The vulnerability can lead to unauthorized access and modification of documents within the plugin's document library. Attackers could create, read, update, or delete documents without permission, potentially resulting in data loss, data tampering, or exposure of sensitive information. This compromises the integrity and availability of the document content managed by the plugin. [1]
How can this vulnerability be detected on my network or system? Can you suggest some commands?
This vulnerability can be detected by monitoring for unauthorized AJAX requests to the following endpoints: 'bplde_save_document_library', 'bplde_get_all', 'bplde_get_single', and 'bplde_delete_document_library'. You can check your web server logs or use tools like curl or wget to simulate requests to these AJAX actions and observe if unauthorized access is possible. For example, you can use curl commands to send POST requests with and without valid nonces and observe the responses. Additionally, inspecting WordPress AJAX hooks registration in the plugin files (such as Init-DocumentLibrary.php) can help identify if sensitive AJAX actions are exposed to unauthenticated users. [1]

Example command:

```
curl -X POST -d "action=bplde_save_document_library&nonce=INVALID_OR_MISSING" https://yourwordpresssite.com/wp-admin/admin-ajax.php -v
```
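The hook-registration inspection suggested above, as an added example (not BaseFortify's or the plugin's own code): a Python scanner that reports every `wp_ajax_nopriv_` registration of the four named actions in a plugin's PHP files. The embedded PHP is a constructed sample, and the comment stripping is a simple heuristic, not a PHP parser.

```python
import re
import sys
from pathlib import Path

# The four AJAX actions named in the answer above.
SENSITIVE_ACTIONS = {
    "bplde_save_document_library",
    "bplde_get_all",
    "bplde_get_single",
    "bplde_delete_document_library",
}
# Matches add_action('wp_ajax_<action>' ...) and the 'wp_ajax_nopriv_' variant.
HOOK_RE = re.compile(
    r"""add_action\s*\(\s*(['"])wp_ajax_(nopriv_)?([A-Za-z0-9_]+)\1""")

# Constructed sample, not the plugin's actual source.
SAMPLE_PHP = """<?php
// Constructed sample for the scanner.
add_action('wp_ajax_bplde_save_document_library', [$this, 'save']);
add_action('wp_ajax_nopriv_bplde_save_document_library', [$this, 'save']);
add_action( "wp_ajax_nopriv_bplde_delete_document_library", [$this, 'delete'] );
add_action('wp_ajax_bplde_get_all', [$this, 'get_all']);
// add_action('wp_ajax_nopriv_bplde_get_single', [$this, 'get_single']);
add_action('wp_ajax_nopriv_unrelated_action', 'cb');
"""

def strip_php_comments(src):
    """Blank out comments (keeping line numbers) so disabled hooks are ignored."""
    src = re.sub(r"/\*.*?\*/", lambda m: "\n" * m.group(0).count("\n"), src, flags=re.S)
    return re.sub(r"(?m)(^|\s)(//|#).*$", r"\1", src)

def find_nopriv_hooks(php_source, filename="<memory>"):
    """Return (filename, line, action) for each sensitive action hooked as nopriv."""
    findings = []
    for lineno, line in enumerate(strip_php_comments(php_source).splitlines(), 1):
        for m in HOOK_RE.finditer(line):
            if m.group(2) and m.group(3) in SENSITIVE_ACTIONS:
                findings.append((filename, lineno, m.group(3)))
    return findings

def scan_plugin_dir(root):
    """Scan every .php file under root, e.g. the plugin's directory."""
    findings = []
    for path in sorted(Path(root).rglob("*.php")):
        findings += find_nopriv_hooks(path.read_text(errors="replace"), str(path))
    return findings

if __name__ == "__main__":
    hits = scan_plugin_dir(sys.argv[1]) if len(sys.argv) > 1 else find_nopriv_hooks(SAMPLE_PHP, "sample.php")
    for f, n, a in hits:
        print(f"{f}:{n}: wp_ajax_nopriv_{a} is reachable without login")
```

Run it with the plugin directory as the only argument; an empty result means none of the four actions is registered for logged-out users in the scanned files.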
What immediate steps should I take to mitigate this vulnerability?
Immediate mitigation steps include updating the Document Embedder plugin to a version later than 2.0.0 where the vulnerability is fixed. If an update is not immediately available, restrict access to the AJAX endpoints by disabling or removing the 'nopriv' AJAX hooks for sensitive actions such as 'bplde_save_document_library' and 'bplde_delete_document_library'. Ensure that nonce verification and capability checks are properly enforced and that these AJAX actions are only accessible to authenticated users with appropriate permissions. Additionally, monitor and audit AJAX requests to detect any unauthorized attempts. [1, 2]