3 matches found
CVE-2023-6826
The E2Pdf plugin for WordPress is vulnerable to arbitrary file uploads due to insufficient file type validation on the 'importaction' function in versions up to, and including, 1.20.25. This makes it possible for authenticated attackers with a role that the administrator previously granted access...
CVE-2023-6826
CVE-2023-6826 affects the WordPress plugin E2Pdf (Export To Pdf Tool) where versions up to and including 1.20.25 fail to validate file types in the import_action function. This allows authenticated attackers with granted plugin access to upload arbitrary files to the server, with potential remote...
CVE-2023-6826 E2Pdf <= 1.20.25 - Authenticated (Administrator+) Arbitrary File Upload
The E2Pdf plugin for WordPress is vulnerable to arbitrary file uploads due to insufficient file type validation on the 'importaction' function in versions up to, and including, 1.20.25. This makes it possible for authenticated attackers with a role that the administrator previously granted access...