VYPR

E2pdf

by WordPress

Source repositories

CVEs (11)

  • CVE-2023-50849HigDec 28, 2023
    risk 0.49cvss 7.6epss 0.01

    Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in E2Pdf.Com E2Pdf – Export To Pdf Tool for WordPress.This issue affects E2Pdf – Export To Pdf Tool for WordPress: from n/a through 1.20.23.

  • CVE-2026-42681HigJun 1, 2026
    risk 0.46cvss 7.1epss 0.00

    Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in E2Pdf.Com e2pdf allows Reflected XSS. This issue affects e2pdf: from n/a through 1.32.14.

  • CVE-2023-46154MedDec 19, 2023
    risk 0.43cvss 6.6epss 0.01

    Deserialization of Untrusted Data vulnerability in E2Pdf.Com E2Pdf – Export To Pdf Tool for WordPress.This issue affects E2Pdf – Export To Pdf Tool for WordPress: from n/a through 1.20.18.

  • CVE-2024-43318MedAug 18, 2024
    risk 0.42cvss 6.5epss 0.00

    Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in E2Pdf e2pdf e2pdf.This issue affects e2pdf: from n/a through <= 1.25.05.

  • CVE-2023-6826HigDec 15, 2023
    risk 0.40cvss 7.2epss 0.01

    The E2Pdf plugin for WordPress is vulnerable to arbitrary file uploads due to insufficient file type validation on the 'import_action' function in versions up to, and including, 1.20.25. This makes it possible for authenticated attackers with a role that the administrator…

  • CVE-2026-7650MedMay 8, 2026
    risk 0.35cvss 6.4epss 0.00

    The E2Pdf – Export Pdf Tool for WordPress plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'id' attribute of the `e2pdf-download` shortcode in all versions up to, and including, 1.32.17. This is due to insufficient input sanitization and output…

  • CVE-2024-37415MedNov 1, 2024
    risk 0.35cvss 5.4epss 0.00

    Missing Authorization vulnerability in E2Pdf e2pdf e2pdf.This issue affects e2pdf: from n/a through <= 1.20.27.

  • CVE-2024-31373MedApr 15, 2024
    risk 0.35cvss 5.4epss 0.00

    Cross-Site Request Forgery (CSRF) vulnerability in E2Pdf e2pdf e2pdf.This issue affects e2pdf: from n/a through <= 1.20.27.

  • CVE-2023-5229MedOct 31, 2023
    risk 0.31cvss 4.8epss 0.00

    The E2Pdf WordPress plugin before 1.20.20 does not sanitize and escape some of its settings, which could allow high privilege users to perform Cross-Site Scripting attacks even when the unfiltered_html capability is disallowed

  • CVE-2022-0535MedMar 7, 2022
    risk 0.24cvss 4.8epss 0.01

    The E2Pdf WordPress plugin before 1.16.45 does not sanitise and escape some of its settings, which could allow high privilege users to perform Cross-Site Scripting attacks even when the unfiltered_html capability is disallowed

  • CVE-2026-12407Jun 18, 2026
    risk 0.00cvss epss 0.00

    The E2Pdf – Export Pdf Tool for WordPress plugin for WordPress is vulnerable to Missing Authorization in versions up to, and including, 1.32.26. This is due to the screen_action() function lacking a dedicated capability check and nonce verification — when invoked via the…