Lucene search
K

105 matches found

RedhatCVE
RedhatCVE
added 2026/01/17 7:15 a.m.6 views

CVE-2025-14793

The DK PDF – WordPress PDF Generator plugin for WordPress is vulnerable to Server-Side Request Forgery in all versions up to, and including, 2.3.0 via the 'addContentToMpdf' function. This makes it possible for authenticated attackers, author level and above, to make web requests to arbitrary...

5CVSS5.8AI score0.00242EPSS
Exploits0References1
NVD
NVD
added 2026/01/16 7:15 a.m.3 views

CVE-2025-14793

The DK PDF – WordPress PDF Generator plugin for WordPress is vulnerable to Server-Side Request Forgery in all versions up to, and including, 2.3.0 via the 'addContentToMpdf' function. This makes it possible for authenticated attackers, author level and above, to make web requests to arbitrary...

5CVSS0.00242EPSS
Exploits0References6
Vulnrichment
Vulnrichment
added 2026/01/16 6:43 a.m.3 views

CVE-2025-14793 DK PDF – WordPress PDF Generator <= 2.3.0 - Authenticated (Author+) Server-Side Request Forgery

The DK PDF – WordPress PDF Generator plugin for WordPress is vulnerable to Server-Side Request Forgery in all versions up to, and including, 2.3.0 via the 'addContentToMpdf' function. This makes it possible for authenticated attackers, author level and above, to make web requests to arbitrary...

5CVSS5.4AI score0.00242EPSS
Exploits0References6
ATTACKERKB
ATTACKERKB
added 2026/01/16 6:43 a.m.3 views

CVE-2025-14793

The DK PDF – WordPress PDF Generator plugin for WordPress is vulnerable to Server-Side Request Forgery in all versions up to, and including, 2.3.0 via the 'addContentToMpdf' function. This makes it possible for authenticated attackers, author level and above, to make web requests to arbitrary...

5CVSS5.5AI score0.00242EPSS
Exploits0References6
Cvelist
Cvelist
added 2026/01/16 6:43 a.m.26 views

CVE-2025-14793 DK PDF – WordPress PDF Generator <= 2.3.0 - Authenticated (Author+) Server-Side Request Forgery

The DK PDF – WordPress PDF Generator plugin for WordPress is vulnerable to Server-Side Request Forgery in all versions up to, and including, 2.3.0 via the 'addContentToMpdf' function. This makes it possible for authenticated attackers, author level and above, to make web requests to arbitrary...

5CVSS0.00242EPSS
Exploits0References6
Positive Technologies
Positive Technologies
added 2026/01/16 12:0 a.m.6 views

PT-2026-3223

The DK PDF – WordPress PDF Generator plugin for WordPress is vulnerable to Server-Side Request Forgery in all versions up to, and including, 2.3.0 via the 'addContentToMpdf' function. This makes it possible for authenticated attackers, author level and above, to make web requests to arbitrary...

5CVSS5.8AI score0.00242EPSS
Exploits0References6
CNNVD
CNNVD
added 2026/01/16 12:0 a.m.6 views

WordPress plugin DK PDF code issue vulnerability

WordPress and WordPress plugins are both products of the WordPress Foundation. WordPress is a blog platform developed using the PHP language. This platform allows for the creation of personal blog websites on servers based on PHP and MySQL. A WordPress plugin is an application extension. There ar...

5CVSS5.8AI score0.00242EPSS
Exploits0References5
Patchstack
Patchstack
added 2026/01/15 11:17 p.m.6 views

WordPress DK PDF - WordPress PDF Generator plugin <= 2.3.0 - Authenticated (Author+) Server-Side Request Forgery vulnerability

WordPress DK PDF - WordPress PDF Generator plugin = 2.3.0 - Authenticated Author+ Server-Side Request Forgery vulnerability discovered by WordFence in WordPress Plugin DK PDF – WordPress PDF Generator versions = 2.3.0...

5CVSS7.1AI score0.00242EPSS
Exploits0References1Affected Software1
EUVD
EUVD
added 2025/11/12 4:47 p.m.1 views

EUVD-2025-146932

Malicious code in uinsu-losiat-dk npm...

6.6AI score
Exploits0
EUVD
EUVD
added 2025/10/03 8:7 p.m.5 views

EUVD-2022-43758

Malicious code in bioql PyPI...

6.5CVSS6.7AI score0.00303EPSS
Exploits0References1
RedhatCVE
RedhatCVE
added 2025/05/23 7:16 a.m.6 views

CVE-2024-8727

The DK PDF plugin for WordPress is vulnerable to Reflected Cross-Site Scripting due to the use of addqueryarg without appropriate escaping on the URL in all versions up to, and including, 1.9.6. This makes it possible for unauthenticated attackers to inject arbitrary web scripts in pages that...

6.1CVSS6.4AI score0.00344EPSS
Exploits0References1
RedhatCVE
RedhatCVE
added 2025/02/07 9:49 a.m.4 views

CVE-2025-24541

Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in dinamiko DK White Label dk-white-label allows Reflected XSS.This issue affects DK White Label: from n/a through = 1.0...

7.1CVSS5.9AI score0.00322EPSS
Exploits0References1
NVD
NVD
added 2025/02/03 3:15 p.m.5 views

CVE-2025-24541

Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in dinamiko DK White Label dk-white-label allows Reflected XSS.This issue affects DK White Label: from n/a through = 1.0...

7.1CVSS0.00322EPSS
Exploits0References1
Cvelist
Cvelist
added 2025/02/03 2:22 p.m.20 views

CVE-2025-24541 WordPress DK White Label plugin <= 1.0 - Reflected Cross Site Scripting (XSS) vulnerability

Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in dinamiko DK White Label dk-white-label allows Reflected XSS.This issue affects DK White Label: from n/a through = 1.0...

7.1CVSS0.00322EPSS
Exploits0References1
CVE
CVE
added 2025/02/03 2:22 p.m.48 views

CVE-2025-24541

The CVE-2025-24541 entry concerns the WordPress DK White Label plugin (versions up to 1.0). The vulnerability is a Reflected Cross-Site Scripting (XSS) due to Improper Neutralization of Input During Web Page Generation. The issue affects DK White Label: from n/a through 1.0, and the connected sou...

7.1CVSS5.9AI score0.00322EPSS
Exploits0References1
Vulnrichment
Vulnrichment
added 2025/02/03 2:22 p.m.6 views

CVE-2025-24541 WordPress DK White Label plugin <= 1.0 - Reflected Cross Site Scripting (XSS) vulnerability

Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in dinamiko DK White Label dk-white-label allows Reflected XSS.This issue affects DK White Label: from n/a through = 1.0...

7.1CVSS5.9AI score0.00322EPSS
Exploits0References1
Patchstack
Patchstack
added 2024/11/14 11:45 a.m.3 views

WordPress DK White Label plugin <= 1.0 - Reflected Cross Site Scripting (XSS) vulnerability

Reflected Cross Site Scripting XSS vulnerability discovered by Mika in WordPress Plugin DK White Label versions = 1.0...

7.1CVSS6.1AI score0.00322EPSS
Exploits0Affected Software1
NVD
NVD
added 2024/10/01 8:15 a.m.10 views

CVE-2024-8727

The DK PDF plugin for WordPress is vulnerable to Reflected Cross-Site Scripting due to the use of addqueryarg without appropriate escaping on the URL in all versions up to, and including, 1.9.6. This makes it possible for unauthenticated attackers to inject arbitrary web scripts in pages that...

6.1CVSS0.00344EPSS
Exploits0References3
CVE
CVE
added 2024/10/01 7:30 a.m.41 views

CVE-2024-8727

DK PDF for WordPress is vulnerable to Reflected XSS (CVE-2024-8727) due to improper escaping in add_query_arg usage across versions up to 1.9.6. Unauthenticated attackers could inject scripts into pages that run when a user is tricked into taking an action (e.g., clicking a link). Public sources ...

6.1CVSS6.3AI score0.00344EPSS
Exploits0References3
Cvelist
Cvelist
added 2024/10/01 7:30 a.m.20 views

CVE-2024-8727 DK PDF <= 1.9.6 - Reflected Cross-Site Scripting

The DK PDF plugin for WordPress is vulnerable to Reflected Cross-Site Scripting due to the use of addqueryarg without appropriate escaping on the URL in all versions up to, and including, 1.9.6. This makes it possible for unauthenticated attackers to inject arbitrary web scripts in pages that...

6.1CVSS0.00344EPSS
Exploits0References3
Rows per page
Query Builder