WordPress Save as PDF Button plugin cross-site scripting vulnerability

The WordPress Save as PDF Button plugin is a tool that adds one-click PDF generation functionality to WordPress websites, allowing visitors to save web content e.g., articles, product pages, etc. as PDF files with the click of a button. WordPress Save as PDF Button plugin has a cross-site scripti...

CVE-2025-8397

The Save as PDF Button plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's restpackpdfbutton shortcode in all versions up to, and including, 1.9.2 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for...

CVE-2025-8397 Save as PDF Button <= 1.9.2 - Authenticated (Contributor+) Stored Cross-Site Scripting via restpackpdfbutton Shortcode

The Save as PDF Button plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's restpackpdfbutton shortcode in all versions up to, and including, 1.9.2 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for...

CVE-2025-8397

The CVE concerns the WordPress plugin Save as PDF Button. All versions up to 1.9.2 are vulnerable to Stored Cross-Site Scripting via the restpackpdfbutton shortcode due to insufficient sanitization/escaping of user attributes. Authenticated attackers with contributor-level access (or higher) can ...

PT-2025-46794

Name of the Vulnerable Software and Affected Versions Save as PDF Button plugin for WordPress versions prior to 1.9.3 Description The software has a flaw due to insufficient input sanitization and output escaping on user-supplied attributes within the restpackpdfbutton shortcode. This allows...