
CVE-2025-1043: Medium Vulnerability in Embed Any Document Plugin for WordPress

The Embed Any Document plugin for WordPress has a medium-severity Server-Side Request Forgery vulnerability affecting all versions up to 2.7.5. Authenticated attackers can exploit this to make unauthorized web requests, putting information held by internal services at risk.

MEDIUM · CVSS 6.4 · Published February 20, 2025


The Embed Any Document – Embed PDF, Word, PowerPoint and Excel Files plugin for WordPress is vulnerable to Server-Side Request Forgery (SSRF) in all versions up to, and including, 2.7.5 via the 'embeddoc' shortcode. This vulnerability allows authenticated attackers, with Contributor-level access and above, to make web requests to arbitrary locations originating from the web application. Such capability can be exploited to query and modify information from internal services, potentially leading to unauthorized access to sensitive data.

The CVSS score for this vulnerability is 6.4, classifying it as medium severity. The rating reflects low attack complexity and minimal required privileges. Organizations using this plugin should therefore be aware of the risk of running outdated versions, especially since the vulnerability can be exploited remotely without user interaction.

Given the nature of this vulnerability, organizations should prioritize addressing it within their patch management processes. Ensuring that the affected plugin is updated to a secure version is critical to mitigating the risk associated with this SSRF vulnerability. Additionally, organizations should continuously monitor for any unusual network activity that may indicate attempts to exploit this vulnerability.
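One way to review existing content for the shortcode described above, as an added example (not code from the plugin or from this advisory): it scans exported post content for `embeddoc` shortcodes and flags targets that point at non-public addresses. It assumes the shortcode takes its target in a `url` attribute and that posts are available as `(post_id, author, content)` tuples; the sample posts are constructed.

```python
import ipaddress
import re
from urllib.parse import urlsplit

# Matches [embeddoc ...] and captures its attribute string.
SHORTCODE_RE = re.compile(r'\[embeddoc\b([^\]]*)\]', re.IGNORECASE)
# Assumption: the target is passed as url="...", url='...' or url=...
URL_ATTR_RE = re.compile(r'''\burl\s*=\s*["']?([^"'\s]+)''', re.IGNORECASE)
INTERNAL_SUFFIXES = (".localhost", ".local", ".internal")

# Constructed sample rows standing in for an export of the posts table.
SAMPLE_POSTS = [
    (101, "contrib_a", 'Q3: [embeddoc url="https://example.com/files/report.pdf" viewer="google"]'),
    (102, "contrib_b", "[embeddoc url='http://127.0.0.1:8080/status' width='100%']"),
    (103, "contrib_b", '[embeddoc url="http://10.0.0.5/admin/export.docx"]'),
    (104, "contrib_c", '[embeddoc url="http://intranet.internal/plan.pptx"]'),
]

def classify_url(url):
    """Return a reason string if the URL deserves review, else None."""
    try:
        parts = urlsplit(url.strip())
        host = (parts.hostname or "").lower()
    except ValueError:
        return "unparseable URL"
    if parts.scheme.lower() not in ("http", "https"):
        return "non-http scheme"
    if not host:
        return "missing host"
    try:
        ip = ipaddress.ip_address(host)
    except ValueError:
        # A hostname, not an IP literal. Names are not resolved here, so a
        # public-looking name that resolves internally is not caught.
        if host == "localhost" or host.endswith(INTERNAL_SUFFIXES):
            return "internal hostname"
        return None
    return None if ip.is_global else "non-public IP address"

def audit_posts(posts):
    """Return (post_id, author, url, reason) for each flagged shortcode."""
    findings = []
    for post_id, author, content in posts:
        for sc in SHORTCODE_RE.finditer(content):
            m = URL_ATTR_RE.search(sc.group(1))
            reason = classify_url(m.group(1)) if m else None
            if reason:
                findings.append((post_id, author, m.group(1), reason))
    return findings
```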

No public exploit has been confirmed for this vulnerability at this time. However, the potential for exploitation, combined with the medium severity level, warrants immediate attention from system administrators and security teams.

Organizations should prioritize patching immediately.

For more information on how to secure WordPress installations, organizations may consider reviewing best practices in penetration testing methodologies to identify potential vulnerabilities.

In summary, the SSRF vulnerability in the Embed Any Document plugin poses a risk to organizations utilizing this software. It is vital that they remain vigilant and proactive in their security measures.

Disclaimer: This content was generated using AI. While we strive for accuracy, please verify critical information with official sources.
