WordPress Plugin Vulnerabilities

Document Library Lite < 1.2.0 - Unauthenticated Insecure Direct Object Reference

Description

The Document Library Lite plugin for WordPress is vulnerable to Sensitive Information Exposure in all versions up to, and including, 1.1.7. This makes it possible for unauthenticated attackers to extract sensitive user or configuration data.

Affects Plugins

Plugin icon
document-library-lite
Fixed in 1.2.0

References

CVE
CVE-2025-67985
URL
https://www.wordfence.com/threat-intel/vulnerabilities/id/332a37fa-a082-4f6b-a81f-9741b121d0a0

Classification

Type
SENSITIVE DATA DISCLOSURE
OWASP top 10
A3: Sensitive Data Exposure
CWE
CWE-200
CVSS
5.3 (medium)

Miscellaneous

Original Researcher
Zeeshan Haider
Verified
No
WPVDB ID
1bc05d4c-b7d0-4347-804c-2bd4e303e30c

Timeline

Publicly Published
2025-12-15 (about 6 months ago)
Added
2025-12-20 (about 6 months ago)
Last Updated
2025-12-20 (about 6 months ago)

Other

Published
Title
Published
2026-06-17
Title
FireBox Popups < 3.1.8 - Unauthenticated Sensitive Information Exposure in 'form_id' Parameter
Published
2025-01-17
Title
Ultimate Member – User Profile, Registration, Login, Member Directory, Content Restriction & Membership Plugin < 2.9.2 - Information Exposure
Published
2024-01-15
Title
FastDup – Fastest WordPress Migration & Duplicator < 2.2 - Directory Listing to Account Takeover and Sensitive Data Exposure
Published
2021-02-23
Title
Web-Stat < 1.4.1 - API Key Disclosure
Published
2025-09-22
Title
Getwid < 2.1.3 - Authenticated (Contributor+) Sensitive Information Exposure