Vulnerabilities > E2Pdf

DATE CVE VULNERABILITY TITLE RISK
2024-08-18 CVE-2024-43318 Cross-site Scripting vulnerability in E2Pdf
Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerability in E2Pdf.Com allows Stored XSS.This issue affects e2pdf: from n/a through 1.25.05.
network
low complexity
e2pdf CWE-79
5.4
2023-12-28 CVE-2023-50849 Unspecified vulnerability in E2Pdf
Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in E2Pdf.Com E2Pdf – Export To Pdf Tool for WordPress.This issue affects E2Pdf – Export To Pdf Tool for WordPress: from n/a through 1.20.23.
network
low complexity
e2pdf
7.2
2023-12-19 CVE-2023-46154 Unspecified vulnerability in E2Pdf
Deserialization of Untrusted Data vulnerability in E2Pdf.Com E2Pdf – Export To Pdf Tool for WordPress.This issue affects E2Pdf – Export To Pdf Tool for WordPress: from n/a through 1.20.18.
network
low complexity
e2pdf
7.2
2023-12-15 CVE-2023-6826 Unrestricted Upload of File with Dangerous Type vulnerability in E2Pdf
The E2Pdf plugin for WordPress is vulnerable to arbitrary file uploads due to insufficient file type validation on the 'import_action' function in versions up to, and including, 1.20.25.
network
low complexity
e2pdf CWE-434
7.2
2023-10-31 CVE-2023-5229 Cross-site Scripting vulnerability in E2Pdf
The E2Pdf WordPress plugin before 1.20.20 does not sanitize and escape some of its settings, which could allow high privilege users to perform Cross-Site Scripting attacks even when the unfiltered_html capability is disallowed
network
low complexity
e2pdf CWE-79
4.8
2022-03-07 CVE-2022-0535 Cross-site Scripting vulnerability in E2Pdf
The E2Pdf WordPress plugin before 1.16.45 does not sanitise and escape some of its settings, which could allow high privilege users to perform Cross-Site Scripting attacks even when the unfiltered_html capability is disallowed
network
low complexity
e2pdf CWE-79
4.8