Lucene search
K

75 matches found

Patchstack
Patchstack
added 2025/09/26 9:48 a.m.9 views

WordPress wp-mpdf Plugin <= 3.9.1 - Cross Site Scripting (XSS) Vulnerability

Cross Site Scripting XSS Vulnerability discovered by Muhammad Yudha - DJ in WordPress Plugin wp-mpdf versions = 3.9.1...

6.5CVSS6AI score0.00196EPSS
Exploits0Affected Software1
NVD
NVD
added 2025/09/26 9:15 a.m.4 views

CVE-2025-60040

Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in fkrauthan wp-mpdf wp-mpdf allows Stored XSS.This issue affects wp-mpdf: from n/a through = 3.9.1...

6.5CVSS0.00196EPSS
Exploits0References1
Vulnrichment
Vulnrichment
added 2025/09/26 8:31 a.m.3 views

CVE-2025-60040 WordPress wp-mpdf Plugin <= 3.9.1 - Cross Site Scripting (XSS) Vulnerability

Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in fkrauthan wp-mpdf wp-mpdf allows Stored XSS.This issue affects wp-mpdf: from n/a through = 3.9.1...

6.5CVSS5.9AI score0.00196EPSS
Exploits0References1
Cvelist
Cvelist
added 2025/09/26 8:31 a.m.13 views

CVE-2025-60040 WordPress wp-mpdf Plugin <= 3.9.1 - Cross Site Scripting (XSS) Vulnerability

Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in fkrauthan wp-mpdf wp-mpdf allows Stored XSS.This issue affects wp-mpdf: from n/a through = 3.9.1...

6.5CVSS0.00196EPSS
Exploits0References1
CVE
CVE
added 2025/09/26 8:31 a.m.16 views

CVE-2025-60040

CVE-2025-60040 is a Stored XSS in the WordPress plugin wp-mpdf. Affected software: wp-mpdf up to version 3.9.1 (authentication required). The issue arises from improper input neutralization during web page generation, enabling stored malicious script execution in the context of vulnerable sites. ...

6.5CVSS5.9AI score0.00196EPSS
Exploits0References1
CNNVD
CNNVD
added 2025/09/26 12:0 a.m.4 views

WordPress plugin wp-mpdf 跨站脚本漏洞

WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a set of blogging platforms developed using the PHP language. The platform has the ability to set up personal blog sites on PHP and MySQL based servers.WordPress plugin is an application plugin. A cross-site...

6.5CVSS5.8AI score0.00196EPSS
Exploits0References2
Positive Technologies
Positive Technologies
added 2025/09/26 12:0 a.m.4 views

PT-2025-39538

Name of the Vulnerable Software and Affected Versions wp-mpdf versions through 3.9.1 Description The software contains a flaw related to improper handling of user-supplied data when creating web pages, potentially leading to Cross-site Scripting XSS. This allows for the injection of malicious...

6.5CVSS6.3AI score0.00196EPSS
Exploits0References3
RedhatCVE
RedhatCVE
added 2025/05/22 8:49 p.m.4 views

CVE-2021-4416

The wp-mpdf plugin for WordPress is vulnerable to Cross-Site Request Forgery in versions up to, and including, 3.5.1. This is due to missing or incorrect nonce validation on the mpdfadminsavepost function. This makes it possible for unauthenticated attackers to save post data via a forged request...

4.3CVSS5.8AI score0.00345EPSS
Exploits0References1
RedhatCVE
RedhatCVE
added 2025/02/05 3:47 a.m.4 views

CVE-2024-27962

Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in Florian 'fkrauthan' Krauthan allows Reflected XSS.This issue affects wp-mpdf: from n/a through 3.7.1...

7.1CVSS8.6AI score0.00397EPSS
Exploits0References1
OSV
OSV
added 2024/03/21 5:15 p.m.3 views

CVE-2024-27962

Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in Florian 'fkrauthan' Krauthan allows Reflected XSS.This issue affects wp-mpdf: from n/a through 3.7.1...

6.1CVSS6.3AI score
Exploits0References1
Vulnrichment
Vulnrichment
added 2024/03/21 4:46 p.m.20 views

CVE-2024-27962 WordPress wp-mpdf plugin <= 3.7.1 - Reflected Cross Site Scripting (XSS) vulnerability

Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in Florian 'fkrauthan' Krauthan allows Reflected XSS.This issue affects wp-mpdf: from n/a through 3.7.1...

7.1CVSS8.6AI score0.00397EPSS
Exploits0References1
CVE
CVE
added 2024/03/21 4:46 p.m.71 views

CVE-2024-27962

CVE-2024-27962 is a Reflected XSS in the WordPress plugin wp-mpdf (author Florian ‘fkrauthan’ Krauthan). The issue arises from improper neutralization of input during web page generation, enabling reflected cross-site scripting. Affected range: wp-mpdf from n/a up to and including 3.7.1. The Conn...

7.1CVSS8.6AI score0.00397EPSS
Exploits0References1Affected Software1
Cvelist
Cvelist
added 2024/03/21 4:46 p.m.31 views

CVE-2024-27962 WordPress wp-mpdf plugin <= 3.7.1 - Reflected Cross Site Scripting (XSS) vulnerability

Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in Florian 'fkrauthan' Krauthan allows Reflected XSS.This issue affects wp-mpdf: from n/a through 3.7.1...

7.1CVSS7.1AI score0.00397EPSS
Exploits0References1
CNNVD
CNNVD
added 2024/03/21 12:0 a.m.6 views

WordPress Plugin wp-mpdf 跨站脚本漏洞

WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a blogging platform developed using the PHP language. The platform supports personal blog sites on servers running PHP and MySQL.WordPress plugin is an application plugin. WordPress Plugin wp-mpdf A cross-si...

7.1CVSS7.6AI score0.00397EPSS
Exploits0References2
Positive Technologies
Positive Technologies
added 2024/03/21 12:0 a.m.4 views

PT-2024-22167 · WordPress · Wp-Mpdf

Name of the Vulnerable Software and Affected Versions: wp-mpdf versions 3.7.1 and earlier Description: The issue is related to Improper Neutralization of Input During Web Page Generation, also known as Cross-site Scripting, which allows Reflected XSS. This can be exploited by injecting malicious...

7.1CVSS9.3AI score0.00397EPSS
Exploits0References8
WPVulnDB
WPVulnDB
added 2024/03/20 12:0 a.m.15 views

wp-mpdf < 3.8 - Reflected Cross-Site Scripting

Description The wp-mpdf plugin for WordPress is vulnerable to Reflected Cross-Site Scripting in versions up to, and including, 3.7.1 due to insufficient input sanitization and output escaping. This makes it possible for unauthenticated attackers to inject arbitrary web scripts in pages that execu...

7.1CVSS6.2AI score0.00397EPSS
Exploits0References1Affected Software1
Patchstack
Patchstack
added 2024/03/13 12:0 a.m.14 views

WordPress wp-mpdf Plugin <= 3.7.1 is vulnerable to Cross Site Scripting (XSS)

Software wp-mpdf Type Plugin Vulnerable versions = 3.7.1 Fixed in 3.8 OWASP Top 10 A3: Injection Classification Cross Site Scripting XSS CVE CVE-2024-27962 Patch priority Medium CVSS severity Medium 7.1 Developer Claim ownership PSID 94c383c2d70a Credits stealthcopter Required privilege...

7.1CVSS6.5AI score0.00397EPSS
Exploits0References2Affected Software1
Veracode
Veracode
added 2024/02/29 1:56 p.m.28 views

Server Side Request Forgery (SSRF)

mpdf/mpdf is vulnerable to Server Side Request Forgery SSRF. The vulnerability is due to not sanitizing user input while creating PDF when using html2pdf service. An attacker can exploit this flaw to use crafted html to include any arbitrary URL in the input to read the data from or to attack the...

3.5CVSS7AI score0.00412EPSS
Exploits1References3Affected Software1
OSV
OSV
added 2023/09/20 1:15 p.m.3 views

CVE-2022-45448

M4 PDF plugin for Prestashop sites, in its 3.2.3 version and before, is vulnerable to an arbitrary HTML Document crafting vulnerability. The resource /m4pdf/pdf.php uses templates to dynamically create documents. In the case that the template does not exist, the application will return a fixed...

6.1CVSS5.9AI score0.00287EPSS
Exploits0References1
NVD
NVD
added 2023/09/20 1:15 p.m.21 views

CVE-2022-45448

M4 PDF plugin for Prestashop sites, in its 3.2.3 version and before, is vulnerable to an arbitrary HTML Document crafting vulnerability. The resource /m4pdf/pdf.php uses templates to dynamically create documents. In the case that the template does not exist, the application will return a fixed...

6.1CVSS4.7AI score0.00287EPSS
Exploits0References1
Rows per page
Query Builder