CVE-2025-1043

Description

The Embed Any Document – Embed PDF, Word, PowerPoint and Excel Files plugin for WordPress is vulnerable to Server-Side Request Forgery in all versions up to, and including, 2.7.5 via the ’embeddoc’ shortcode. This makes it possible for authenticated attackers, with Contributor-level access and above, to make web requests to arbitrary locations originating from the web application and can be used to query and modify information from internal services.

References

https://www.wordfence.com/threat-intel/vulnerabilities/id/b9f8c600-d62d-4f27-ba73-1a77a63859bc?source=cve

https://plugins.trac.wordpress.org/changeset/3242370/embed-any-document

مدیریت سرور پشتیبانی و ثبت دامنه – آفاق هاستینگ

نوشته های مشابه

Active! mail vulnerable to stack-based buffer overflow

Multiple vulnerabilities in BizRobo!

TP-Link Deco BE65 Pro vulnerable to OS command injection

spider orange

Next.js Middleware 15.2.2 – Authorization Bypass