CVE-2024-12446 Post to Pdf <= 1.0 - Authenticated (Contributor+) Stored Cross-Site Scripting

The Post to Pdf plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's 'gmptpsinglepost' shortcode in all versions up to, and including, 1.0 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated...

CVE-2024-10891

The CVE-2024-10891 entry concerns the WordPress plugin Save as PDF Plugin by Pdfcrowd. It is vulnerable to Stored Cross-Site Scripting via the shortcode save_as_pdf_pdfcrowd in all versions up to and including 4.2.1, caused by insufficient input sanitization and output escaping of user-supplied a...

CVE-2024-10891 Save as PDF Plugin by Pdfcrowd <= 4.2.1 - Authenticated (Contributor+) Stored Cross-Site Scripting

The Save as PDF Plugin by Pdfcrowd plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's 'saveaspdfpdfcrowd' shortcode in all versions up to, and including, 4.2.1 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it...

CVE-2024-10891 Save as PDF Plugin by Pdfcrowd <= 4.2.1 - Authenticated (Contributor+) Stored Cross-Site Scripting

The Save as PDF Plugin by Pdfcrowd plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's 'saveaspdfpdfcrowd' shortcode in all versions up to, and including, 4.2.1 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it...

WordPress plugin Save as PDF Plugin by Pdfcrowd 跨站脚本漏洞

WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a blogging platform developed using the PHP language. The platform supports personal blog sites on servers running PHP and MySQL. WordPress plugin is an application plugin. A cross-site scripting vulnerabili...

PT-2024-16624 · Pdfcrowd · Save As Pdf Plugin

Name of the Vulnerable Software and Affected Versions: Save as PDF Plugin by Pdfcrowd versions up to, and including, 4.2.1 Description: The issue is related to Stored Cross-Site Scripting via the plugin's 'save as pdf pdfcrowd' shortcode due to insufficient input sanitization and output escaping ...

CVE-2024-8727

The DK PDF plugin for WordPress is vulnerable to Reflected Cross-Site Scripting due to the use of addqueryarg without appropriate escaping on the URL in all versions up to, and including, 1.9.6. This makes it possible for unauthenticated attackers to inject arbitrary web scripts in pages that...

PT-2024-39206 · WordPress · Dk Pdf Plugin

Name of the Vulnerable Software and Affected Versions: DK PDF plugin for WordPress versions up to, and including, 1.9.6 Description: The DK PDF plugin for WordPress is vulnerable to Reflected Cross-Site Scripting due to the use of add query arg without appropriate escaping on the URL. This makes ...

WordPress plugin DK PDF 跨站脚本漏洞

WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a blogging platform developed using the PHP language. The platform supports setting up personal blog sites on servers with PHP and MySQL.WordPress plugin is an application plugin. A cross-site scripting...

CVE-2024-7739

A vulnerability, which was classified as problematic, was found in yzane vscode-markdown-pdf 1.5.0. This affects an unknown part. The manipulation leads to cross site scripting. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used...

CVE-2024-6317

The Generate PDF using Contact Form 7 plugin for WordPress is vulnerable to Cross-Site Request Forgery to Arbitrary File Upload in versions up to, and including, 4.0.6. This is due to missing nonce validation and the plugin not properly validating a file or its path prior to deleting it in the...

CVE-2024-6317

The Generate PDF using Contact Form 7 plugin for WordPress is vulnerable to Cross-Site Request Forgery to Arbitrary File Upload in versions up to, and including, 4.1.2. This is due to missing nonce validation and the plugin not properly validating a file or its path prior to deleting it in the...

CVE-2024-6317

CVE-2024-6317 affects the Generate PDF using Contact Form 7 plugin for WordPress. The WordPress plugin is vulnerable to Cross-Site Forgery Request (CSRF) enabling Arbitrary File Deletion in versions up to 4.0.6 due to missing nonce validation and improper file/path validation in wp_cf7_pdf_dashbo...

CVE-2024-6317 Generate PDF using Contact Form 7 <= 4.1.2 - Cross-Site Request Forgery to Arbitrary File Deletion

The Generate PDF using Contact Form 7 plugin for WordPress is vulnerable to Cross-Site Request Forgery to Arbitrary File Upload in versions up to, and including, 4.1.2. This is due to missing nonce validation and the plugin not properly validating a file or its path prior to deleting it in the...

CVE-2024-37555 WordPress Generate PDF using Contact Form 7 plugin <= 4.1.2 - CSRF to Arbitrary File Upload vulnerability

Unrestricted Upload of File with Dangerous Type vulnerability in ZealousWeb Generate PDF using Contact Form 7 generate-pdf-using-contact-form-7.This issue affects Generate PDF using Contact Form 7: from n/a through = 4.1.2...

WordPress Generate PDF using Contact Form 7 plugin <= 4.1.2 - CSRF to Arbitrary File Upload vulnerability

CSRF to Arbitrary File Upload vulnerability discovered by Peng Zhou Patchstack Alliance in WordPress Plugin Generate PDF using Contact Form 7 versions = 4.1.2...

WordPress Generate PDF using Contact Form 7 plugin <= 4.1.2 - Cross-Site Request Forgery to Arbitrary File Deletion vulnerability

Cross-Site Request Forgery to Arbitrary File Deletion vulnerability discovered by István Márton in WordPress Plugin Generate PDF using Contact Form 7 versions = 4.1.2...

WordPress plugin Generate PDF using Contact Form Code Issue Vulnerability

WordPress and WordPress plugin are both products of the WordPress Foundation. WordPress is a blogging platform developed using the PHP language. The platform supports personal blog sites on PHP and MySQL servers.WordPress plugin is an application plugin. A code issue exists in WordPress plugin...

WordPress plugin Generate PDF using Contact Form security vulnerability

WordPress and WordPress plugin are both products of the WordPress Foundation. WordPress is a blogging platform developed in the PHP language. The platform supports personal blog sites on PHP and MySQL servers.WordPress plugin is an application plugin. A security vulnerability exists in WordPress...

WordPress Generate PDF using Contact Form 7 Plugin <= 4.1.2 is vulnerable to Cross Site Request Forgery (CSRF)

Software Generate PDF using Contact Form 7 Type Plugin Vulnerable versions = 4.1.2 Fixed in 4.1.3 OWASP Top 10 A1: Broken Access Control Classification Cross Site Request Forgery CSRF CVE CVE-2024-6317 Patch priority Low CVSS severity Low 8.1 Developer Claim ownership PSID 8ce1a2d4086e Credits...