253 matches found
CVE-2023-5971
The CVE-2023-5971 entry concerns the WordPress plugin Save as PDF by Pdfcrowd (versions before 3.2.0). The issue is that several plugin settings were not properly sanitised/escaped, enabling Stored XSS by high-privilege users (e.g., admins) even when unfiltered_html is disallowed (such as in mult...
PT-2024-14852
Name of the Vulnerable Software and Affected Versions: Save as PDF Plugin by Pdfcrowd WordPress plugin versions prior to 3.2.0 Description: The issue allows high privilege users, such as admins, to perform Stored Cross-Site Scripting attacks. This can occur even when the unfiltered_html capability ...
WordPress plugin Send PDF for Contact Form 7 Security Vulnerability
WordPress and WordPress plugin are both products of the WordPress Foundation. WordPress is a blogging platform developed in PHP. The platform supports personal blog sites on servers with PHP and MySQL. WordPress plugin is an application plugin. A security vulnerability exists in WordPress plugin...
WordPress plugin Save as PDF Plugin by Pdfcrowd Security Vulnerability
WordPress and WordPress plugin are both products of the WordPress Foundation. WordPress is a blogging platform developed using the PHP language. The platform supports setting up personal blog sites on servers with PHP and MySQL. WordPress plugin is an application plugin. A security vulnerability...
PT-2024-24294 · Pdfcrowd · Save As Pdf Plugin
Name of the Vulnerable Software and Affected Versions: Save as PDF plugin by Pdfcrowd versions 3.2.1 and earlier Description: The issue is related to Improper Neutralization of Input During Web Page Generation, also known as Cross-site Scripting. This allows for Stored XSS attacks. Recommendation...
WordPress WooCommerce PDF Invoices, Packing Slips, Delivery Notes and Shipping Labels Plugin <= 4.4.2 is vulnerable to Broken Access Control
Software: WooCommerce PDF Invoices, Packing Slips, Delivery Notes and Shipping Labels; Type: Plugin; Vulnerable versions: <= 4.4.2; Fixed in: 4.4.3; OWASP Top 10: A5: Broken Access Control; Classification: Broken Access Control; CVE: CVE-2024-3216; Patch priority: Low; CVSS severity: Low (5.3); Developer Claim...
CVE-2024-3216 WooCommerce PDF Invoices, Packing Slips, Delivery Notes and Shipping Labels <= 4.4.2 - Missing Authorization to Unauthenticated Settings Reset
The WooCommerce PDF Invoices, Packing Slips, Delivery Notes and Shipping Labels plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the wtpklistresetsettings function in all versions up to, and including, 4.4.2. This makes it possible for...
WooCommerce PDF Invoices, Packing Slips, Delivery Notes and Shipping Labels < 4.4.1 - Reflected Cross-Site Scripting
Description The WooCommerce PDF Invoices, Packing Slips, Delivery Notes and Shipping Labels plugin for WordPress is vulnerable to Reflected Cross-Site Scripting parameter in versions up to, and including, 4.4.0 due to insufficient input sanitization and output escaping. This makes it possible for...
CVE-2024-0957 WooCommerce PDF Invoices, Packing Slips, Delivery Notes and Shipping Labels <= 4.4.1 - Unauthenticated Stored Cross-Site Scripting
The WooCommerce PDF Invoices, Packing Slips, Delivery Notes and Shipping Labels plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the Customer Notes field in all versions up to, and including, 4.4.1 due to insufficient input sanitization and output escaping. This makes it...
CVE-2023-52229
Missing Authorization vulnerability in Save as PDF plugin by Pdfcrowd Word Replacer Pro. This issue affects Word Replacer Pro: from n/a through 1.0...
CVE-2023-52229
CVE-2023-52229 concerns Word Replacer Pro (WordPress plugin)
Information disclosure
The WooCommerce PDF Invoices, Packing Slips, Delivery Notes and Shipping Labels plugin for WordPress is vulnerable to unauthorized access of data due to a missing capability check on the printpackinglist action in all versions up to, and including, 4.3.0. This makes it possible for authenticated...
CVE-2023-25032
Auth. (admin+) Stored Cross-Site Scripting (XSS) vulnerability in Print, PDF, Email by PrintFriendly plugin = 5.5.1 versions...
Cross site scripting
Auth. (admin+) Stored Cross-Site Scripting (XSS) vulnerability in Pdfcrowd Save as PDF plugin by Pdfcrowd plugin <= 2.16.0 versions...
CVE-2023-40668 WordPress Save as PDF plugin by Pdfcrowd Plugin <= 2.16.0 is vulnerable to Cross Site Scripting (XSS)
Auth. (admin+) Stored Cross-Site Scripting (XSS) vulnerability in Pdfcrowd Save as PDF plugin by Pdfcrowd plugin <= 2.16.0 versions...
CVE-2023-40668
The CVE-2023-40668 entry concerns the WordPress plugin Save as PDF by Pdfcrowd (versions
CVE-2022-45448
M4 PDF plugin for Prestashop sites, in its 3.2.3 version and before, is vulnerable to an arbitrary HTML Document crafting vulnerability. The resource /m4pdf/pdf.php uses templates to dynamically create documents. In the case that the template does not exist, the application will return a fixed...
CVE-2022-45448
The CVE-2022-45448 vulnerability affects the M4 PDF plugin for Prestashop sites, versions 3.2.3 and earlier. The flaw arises in /m4pdf/pdf.php, which uses templates to generate documents; if a requested template does not exist, a fixed MPDF-formatted document is returned. An attacker can exploit ...
CVE-2022-45447
M4 PDF plugin for Prestashop sites, in its 3.2.3 version and before, is vulnerable to a directory traversal vulnerability. The “f” parameter is not properly checked in the resource /m4pdf/pdf.php, returning any file given its relative path. An attacker that exploits this vulnerability could...
Directory traversal
M4 PDF plugin for Prestashop sites, in its 3.2.3 version and before, is vulnerable to a directory traversal vulnerability. The “f” parameter is not properly checked in the resource /m4pdf/pdf.php, returning any file given its relative path. An attacker that exploits this vulnerability could...