50 matches found
WordPress Plugin e2pdf 跨站脚本漏洞
WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a set of blogging platforms developed using the PHP language. The platform has the ability to host personal blog sites on PHP and MySQL based servers.WordPress plugin is an application plugin.... A cross-sit...
EUVD-2023-57557
Malicious code in bioql PyPI...
EUVD-2023-59036
Malicious code in bioql PyPI...
CVE-2023-5229
The E2Pdf WordPress plugin before 1.20.20 does not sanitize and escape some of its settings, which could allow high privilege users to perform Cross-Site Scripting attacks even when the unfilteredhtml capability is disallowed...
CVE-2023-6826
The E2Pdf plugin for WordPress is vulnerable to arbitrary file uploads due to insufficient file type validation on the 'importaction' function in versions up to, and including, 1.20.25. This makes it possible for authenticated attackers with a role that the administrator previously granted access...
CVE-2024-37415 WordPress E2Pdf plugin <= 1.20.27 - Broken Access Control vulnerability
Missing Authorization vulnerability in E2Pdf.Com allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects e2pdf: from n/a through 1.20.27...
WordPress plugin e2pdf 安全漏洞
WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a set of blogging platforms developed using the PHP language. The platform supports setting up personal blog sites on servers with PHP and MySQL.WordPress plugin is an application plugin. A security...
WordPress e2pdf Plugin <= 1.25.05 is vulnerable to Cross Site Scripting (XSS)
Software e2pdf Type Plugin Vulnerable versions = 1.25.05 Fixed in 1.25.11 OWASP Top 10 A3: Injection Classification Cross Site Scripting XSS CVE CVE-2024-43318 Patch priority Low CVSS severity Low 6.5 Developer E2Pdf.com PSID 618e2ecf6073 Credits LVT-tholv2k Required privilege Contributor Publish...
WordPress E2Pdf plugin <= 1.20.27 - Broken Access Control vulnerability
Broken Access Control vulnerability discovered by Steven Julian Patchstack Alliance in WordPress Plugin e2pdf versions = 1.20.27...
WordPress e2pdf Plugin <= 1.20.27 is vulnerable to Broken Access Control
Software e2pdf Type Plugin Vulnerable versions = 1.20.27 Fixed in 1.23.00 OWASP Top 10 A1: Broken Access Control Classification Broken Access Control CVE CVE-2024-37415 Patch priority Low CVSS severity Low 5.4 Developer E2Pdf.com PSID 4dae4c7543a5 Credits Steven Julian Required privilege Subscrib...
WordPress e2pdf Plugin <= 1.24.00 is vulnerable to Cross Site Scripting (XSS)
Software e2pdf Type Plugin Vulnerable versions = 1.24.00 Fixed in 1.25.01 OWASP Top 10 A3: Injection Classification Cross Site Scripting XSS CVE CVE-2024-4367 Patch priority Low CVSS severity Low 4 Developer E2Pdf.com PSID cc24959a7a9a Credits Yudistira Arya Required privilege Author Published 27...
e2pdf < 1.23.00 - Cross-Site Request Forgery
Description The e2pdf plugin for WordPress is vulnerable to Cross-Site Request Forgery in versions up to, and including, 1.20.27. This is due to missing or incorrect nonce validation on a function. This makes it possible for unauthenticated attackers to perform an unauthorized action via a forged...
WordPress E2Pdf plugin <= 1.20.27 - Cross Site Request Forgery (CSRF) vulnerability
Cross Site Request Forgery CSRF vulnerability discovered by Steven Julian Patchstack Alliance in WordPress Plugin e2pdf versions = 1.20.27...
WordPress e2pdf Plugin <= 1.20.27 is vulnerable to Cross Site Request Forgery (CSRF)
Software e2pdf Type Plugin Vulnerable versions = 1.20.27 Fixed in 1.23.00 OWASP Top 10 A1: Broken Access Control Classification Cross Site Request Forgery CSRF CVE CVE-2024-31373 Patch priority Low CVSS severity Low 5.4 Developer E2Pdf.com PSID eb7251584702 Credits Steven Julian Required privileg...
CVE-2023-50849
Improper Neutralization of Special Elements used in an SQL Command 'SQL Injection' vulnerability in E2Pdf.Com E2Pdf – Export To Pdf Tool for WordPress.This issue affects E2Pdf – Export To Pdf Tool for WordPress: from n/a through 1.20.23...
PT-2023-31681 · WordPress · E2Pdf
Name of the Vulnerable Software and Affected Versions: E2Pdf – Export To Pdf Tool for WordPress versions 1.20.23 and earlier Description: The issue is related to an SQL Injection vulnerability due to improper neutralization of special elements used in an SQL command. This allows for potential...
WordPress e2pdf Plugin <= 1.20.23 is vulnerable to SQL Injection
Software e2pdf Type Plugin Vulnerable versions = 1.20.23 Fixed in 1.20.24 OWASP Top 10 A3: Injection Classification SQL Injection CVE CVE-2023-50849 Patch priority Low CVSS severity Low 7.6 Developer E2Pdf.com PSID dd0c2ff3afc5 Credits Muhammad Daffa Required privilege Administrator Published 21...
CVE-2023-46154 WordPress e2pdf Plugin <= 1.20.18 is vulnerable to PHP Object Injection
Deserialization of Untrusted Data vulnerability in E2Pdf.Com E2Pdf – Export To Pdf Tool for WordPress.This issue affects E2Pdf – Export To Pdf Tool for WordPress: from n/a through 1.20.18...
WordPress Plugin E2Pdf Code Issue Vulnerability
WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a blogging platform developed using the PHP language. The platform supports setting up personal blog sites on servers with PHP and MySQL.WordPress plugin is an application plugin. A code issue vulnerability...
CVE-2023-6826
The E2Pdf plugin for WordPress is vulnerable to arbitrary file uploads due to insufficient file type validation on the 'importaction' function in versions up to, and including, 1.20.25. This makes it possible for authenticated attackers with a role that the administrator previously granted access...