EUVD-2025-3865

Malicious code in bioql PyPI...

EUVD-2022-48315

Malicious code in bioql PyPI...

WordPress WP Advanced PDF Plugin <= 1.1.7 - Cross Site Scripting (XSS) Vulnerability

Cross Site Scripting XSS Vulnerability discovered by Nabil Irawan in WordPress Plugin WP Advanced PDF versions = 1.1.7...

CVE-2025-57945

CVE-2025-57945 is an Stored XSS vulnerability in WP Advanced PDF affecting WP Advanced PDF versions from n/a up to and including 1.1.7. The CVE is documented with a CVSS v3.1 base score of 5.9 (Medium) and an attack vector over the network, with user interaction required. The connected Wordfence ...

CVE-2025-57945 WordPress WP Advanced PDF Plugin <= 1.1.7 - Cross Site Scripting (XSS) Vulnerability

Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in cedcommerce WP Advanced PDF allows Stored XSS. This issue affects WP Advanced PDF: from n/a through 1.1.7...

WordPress plugin Save as PDF 跨站脚本漏洞

WordPress and WordPress plugin are both products of the WordPress Foundation. WordPress is a blogging platform developed using the PHP language. The platform has the ability to set up a personal blog site on a PHP and MySQL based server.WordPress plugin is an application plugin. A cross-site...

WordPress plugin WP Advanced PDF 跨站脚本漏洞

WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a set of blogging platform developed using the PHP language. The platform has the ability to host personal blog sites on PHP and MySQL based servers.WordPress plugin is an application plugin. A cross-site...

CVE-2025-58620 WordPress PDF for WPForms Plugin <= 6.2.1 - Cross Site Scripting (XSS) Vulnerability

Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in add-ons.org PDF for WPForms pdf-for-wpforms allows Stored XSS.This issue affects PDF for WPForms: from n/a through = 6.2.1...

WordPress plugin PDF for Elementor Forms + Drag And Drop Template Builder 跨站脚本漏洞

WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a blogging platform developed using the PHP language. The platform supports personal blog sites on PHP and MySQL servers.WordPress plugin is an application plugin. A cross-site scripting vulnerability exists...

WordPress PDF for WPForms plugin <= 6.5.0 - Deserialization of untrusted data vulnerability

Deserialization of untrusted data vulnerability discovered by Phat RiO in WordPress Plugin PDF for WPForms versions = 6.5.0...

CVE-2024-3216

The WooCommerce PDF Invoices, Packing Slips, Delivery Notes and Shipping Labels plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the wtpklistresetsettings function in all versions up to, and including, 4.4.2. This makes it possible for...

CVE-2024-8727

The DK PDF plugin for WordPress is vulnerable to Reflected Cross-Site Scripting due to the use of addqueryarg without appropriate escaping on the URL in all versions up to, and including, 1.9.6. This makes it possible for unauthenticated attackers to inject arbitrary web scripts in pages that...

CVE-2024-12446

The Post to Pdf plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's 'gmptpsinglepost' shortcode in all versions up to, and including, 1.0 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated...

CVE-2023-5971

The Save as PDF Plugin by Pdfcrowd WordPress plugin before 3.2.0 does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfilteredhtml capability is disallowed for example in multisite se...

CVE-2022-4788

The Embed PDF WordPress plugin through 1.0.6 does not validate and escape some of its shortcode attributes before outputting them back in a page/post where the shortcode is embed, which could allow users with the contributor role and above to perform Stored Cross-Site Scripting attacks...

CVE-2022-2537

The WooCommerce PDF Invoices & Packing Slips WordPress plugin before 3.0.1 does not sanitise and escape some parameters before outputting them back in an attributes of an admin page, leading to Reflected Cross-Site Scripting...

CVE-2022-1828

The PDF24 Articles To PDF WordPress plugin through 4.2.2 does not have CSRF check in place when updating its settings, which could allow attackers to make a logged in admin change them via a CSRF attack...

CVE-2025-24671

Deserialization of Untrusted Data vulnerability in Pdfcrowd Dev Team Save as PDF save-as-pdf-by-pdfcrowd allows Object Injection.This issue affects Save as PDF: from n/a through = 4.4.0...

CVE-2025-24671 WordPress Save as PDF Plugin by Pdfcrowd Plugin <= 4.4.0 - PHP Object Injection vulnerability

Deserialization of Untrusted Data vulnerability in Pdfcrowd Dev Team Save as PDF save-as-pdf-by-pdfcrowd allows Object Injection.This issue affects Save as PDF: from n/a through = 4.4.0...

CVE-2025-24671

CVE-2025-24671 : Deserialization of untrusted data in the Save as PDF plugin by Pdfcrowd (versions