Lucene search
+L

131 matches found

Prion
Prion
added 2023/12/15 8:15 a.m.25 views

Input validation

The E2Pdf plugin for WordPress is vulnerable to arbitrary file uploads due to insufficient file type validation on the 'importaction' function in versions up to, and including, 1.20.25. This makes it possible for authenticated attackers with a role that the administrator previously granted access...

5.8CVSS7.8AI score0.01274EPSS
Exploits0References4Affected Software1
CVE
CVE
added 2023/12/15 7:30 a.m.80 views

CVE-2023-6826

CVE-2023-6826 affects the WordPress plugin E2Pdf (Export To Pdf Tool) where versions up to and including 1.20.25 fail to validate file types in the import_action function. This allows authenticated attackers with granted plugin access to upload arbitrary files to the server, with potential remote...

7.2CVSS7.4AI score0.01274EPSS
Exploits0References4Affected Software1
Vulnrichment
Vulnrichment
added 2023/12/15 7:30 a.m.19 views

CVE-2023-6826 E2Pdf <= 1.20.25 - Authenticated (Administrator+) Arbitrary File Upload

The E2Pdf plugin for WordPress is vulnerable to arbitrary file uploads due to insufficient file type validation on the 'importaction' function in versions up to, and including, 1.20.25. This makes it possible for authenticated attackers with a role that the administrator previously granted access...

7.2CVSS7.8AI score0.01274EPSS
Exploits0References4
Cvelist
Cvelist
added 2023/12/15 7:30 a.m.34 views

CVE-2023-6826 E2Pdf <= 1.20.25 - Authenticated (Administrator+) Arbitrary File Upload

The E2Pdf plugin for WordPress is vulnerable to arbitrary file uploads due to insufficient file type validation on the 'importaction' function in versions up to, and including, 1.20.25. This makes it possible for authenticated attackers with a role that the administrator previously granted access...

7.2CVSS7.5AI score0.01274EPSS
Exploits0References4
CNNVD
CNNVD
added 2023/12/15 12:0 a.m.6 views

WordPress Plugin E2Pdf security vulnerability

WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a blogging platform developed using the PHP language. The platform supports personal blog sites on PHP and MySQL servers.WordPress plugin is an application plugin. A security vulnerability exists in WordPres...

7.2CVSS7AI score0.01274EPSS
Exploits0References5
Positive Technologies
Positive Technologies
added 2023/12/15 12:0 a.m.6 views

PT-2023-32780 · WordPress · E2Pdf

Name of the Vulnerable Software and Affected Versions: E2Pdf plugin for WordPress versions up to, and including, 1.20.25 Description: The issue arises from insufficient file type validation on the import action function, allowing authenticated attackers with granted access to the plugin to upload...

7.2CVSS7.7AI score0.01274EPSS
Exploits0References8
Patchstack
Patchstack
added 2023/12/15 12:0 a.m.10 views

WordPress e2pdf Plugin <= 1.20.25 is vulnerable to Arbitrary File Upload

Software e2pdf Type Plugin Vulnerable versions = 1.20.25 Fixed in 1.20.26 OWASP Top 10 A3: Injection Classification Arbitrary File Upload CVE CVE-2023-6826 Patch priority Low CVSS severity Low 6.6 Developer E2Pdf.com PSID fa835cc6ab49 Credits István Márton Required privilege Administrator Publish...

7.2CVSS6.8AI score0.01274EPSS
Exploits0References3Affected Software1
WPVulnDB
WPVulnDB
added 2023/12/15 12:0 a.m.33 views

E2Pdf < 1.20.26 - Admin+ Arbitrary File Upload

Description The plugin does not properly validate upload files via the importaction function, allowing users having access to the plugin by default admin to upload arbitrary files...

7.2CVSS7AI score0.01274EPSS
Exploits0References1Affected Software1
WPVulnDB
WPVulnDB
added 2023/11/23 12:0 a.m.19 views

E2Pdf < 1.20.19 - Authenticated (Administrator+) PHP Object Injection

Description The E2Pdf plugin for WordPress is vulnerable to PHP Object Injection in all versions up to, and including, 1.20.18 via deserialization of untrusted input within the importaction and ajaxupload functions. This makes it possible for authenticated attackers, with administrative-level...

7.2CVSS7.4AI score0.00735EPSS
Exploits0References1Affected Software1
NVD
NVD
added 2023/10/31 2:15 p.m.18 views

CVE-2023-5229

The E2Pdf WordPress plugin before 1.20.20 does not sanitize and escape some of its settings, which could allow high privilege users to perform Cross-Site Scripting attacks even when the unfilteredhtml capability is disallowed...

4.8CVSS4.8AI score0.00402EPSS
Exploits2References1
OSV
OSV
added 2023/10/31 2:15 p.m.3 views

CVE-2023-5229

The E2Pdf WordPress plugin before 1.20.20 does not sanitize and escape some of its settings, which could allow high privilege users to perform Cross-Site Scripting attacks even when the unfilteredhtml capability is disallowed...

4.8CVSS5.8AI score0.00402EPSS
Exploits2References1
Prion
Prion
added 2023/10/31 2:15 p.m.16 views

Cross site scripting

The E2Pdf WordPress plugin before 1.20.20 does not sanitize and escape some of its settings, which could allow high privilege users to perform Cross-Site Scripting attacks even when the unfilteredhtml capability is disallowed...

4.3CVSS4.6AI score0.00402EPSS
Exploits2References1Affected Software1
Vulnrichment
Vulnrichment
added 2023/10/31 1:54 p.m.9 views

CVE-2023-5229 E2Pdf < 1.20.20 - Admin+ Stored Cross-Site Scriping

The E2Pdf WordPress plugin before 1.20.20 does not sanitize and escape some of its settings, which could allow high privilege users to perform Cross-Site Scripting attacks even when the unfilteredhtml capability is disallowed...

6.1AI score0.00402EPSS
Exploits2References1
Cvelist
Cvelist
added 2023/10/31 1:54 p.m.28 views

CVE-2023-5229 E2Pdf < 1.20.20 - Admin+ Stored Cross-Site Scriping

The E2Pdf WordPress plugin before 1.20.20 does not sanitize and escape some of its settings, which could allow high privilege users to perform Cross-Site Scripting attacks even when the unfilteredhtml capability is disallowed...

5AI score0.00402EPSS
Exploits2References1
CVE
CVE
added 2023/10/31 1:54 p.m.48 views

CVE-2023-5229

The CVE pertains to the WordPress plugin E2Pdf (versions prior to 1.20.20). The root cause is that the plugin does not sanitize and escape certain settings, enabling stored Cross-Site Scripting by high-privilege (Administrator) users, even when unfiltered_html is disallowed. Affected: E2Pdf WordP...

4.8CVSS4.7AI score0.00402EPSS
Exploits2References1Affected Software1
Patchstack
Patchstack
added 2023/10/31 12:0 a.m.14 views

WordPress e2pdf Plugin < 1.20.20 is vulnerable to Cross Site Scripting (XSS)

Software e2pdf Type Plugin Vulnerable versions 1.20.20 Fixed in 1.20.20 OWASP Top 10 A3: Injection Classification Cross Site Scripting XSS CVE CVE-2023-5229 Patch priority Low CVSS severity Low 5.9 Developer E2Pdf.com PSID 5dd49f4334ad Credits Yassir Sbai Fahim Required privilege Administrator...

4.8CVSS6.9AI score0.00402EPSS
Exploits2References4Affected Software1
CNNVD
CNNVD
added 2023/10/31 12:0 a.m.3 views

WordPress Plugin E2Pdf Cross-Site Scripting Vulnerability

WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a blogging platform developed using the PHP language. The platform supports PHP and MySQL servers to set up a personal blog site.WordPress plugin is an application plugin. A cross-site scripting vulnerabilit...

4.8CVSS6.1AI score0.00402EPSS
Exploits2References2
Positive Technologies
Positive Technologies
added 2023/10/31 12:0 a.m.5 views

PT-2023-31958 · WordPress · E2Pdf

Name of the Vulnerable Software and Affected Versions: E2Pdf WordPress plugin versions prior to 1.20.20 Description: The issue allows high privilege users to perform Cross-Site Scripting attacks, even when the unfiltered html capability is disallowed, due to the plugin not sanitizing and escaping...

4.8CVSS4.6AI score0.00402EPSS
Exploits2References4
Patchstack
Patchstack
added 2023/10/17 12:0 a.m.15 views

WordPress e2pdf Plugin <= 1.20.18 is vulnerable to PHP Object Injection

Software e2pdf Type Plugin Vulnerable versions = 1.20.18 Fixed in 1.20.19 OWASP Top 10 A3: Injection Classification PHP Object Injection CVE CVE-2023-46154 Patch priority Low CVSS severity Low 6.6 Developer E2Pdf.com PSID f89d3fc37d51 Credits trein Required privilege Administrator Published 17...

7.2CVSS6.8AI score0.00735EPSS
Exploits0References2Affected Software1
wpexploit
wpexploit
added 2023/10/09 12:0 a.m.144 views

E2Pdf < 1.20.20 - Admin+ Stored Cross-Site Scriping

Description The plugin does not sanitize and escape some of its settings, which could allow high privilege users to perform Cross-Site Scripting attacks even when the unfilteredhtml capability is disallowed 1 Create a new template on...

4.8CVSS4.8AI score0.00402EPSS
Exploits2
Rows per page
Query Builder