Lucene search
K

182 matches found

NVD
NVD
added yesterday4 views

CVE-2026-57407

Server-Side Request Forgery SSRF vulnerability in WP Swings PDF Generator for WordPress pdf-generator-for-wp allows Server Side Request Forgery.This issue affects PDF Generator for WordPress: from n/a through = 1.6.2...

7.2CVSS0.00266EPSS
Exploits0References1
CVE
CVE
added yesterday7 views

CVE-2026-57407

The vulnerability concerns the WordPress plugin PDF Generator for WordPress (plugin name shown as pdf-generator-for-wp) and is described as a Server-Side Request Forgery (SSRF) . Affected versions are listed as “from n/a through

7.2CVSS6.1AI score0.00266EPSS
Exploits0References1
Cvelist
Cvelist
added yesterday6 views

CVE-2026-57407 WordPress PDF Generator for WordPress plugin <= 1.6.2 - Server Side Request Forgery (SSRF) vulnerability

Server-Side Request Forgery SSRF vulnerability in WP Swings PDF Generator for WordPress pdf-generator-for-wp allows Server Side Request Forgery.This issue affects PDF Generator for WordPress: from n/a through = 1.6.2...

7.2CVSS0.00266EPSS
Exploits0References1
Nuclei
Nuclei
added yesterday81 views

PDF Generator Addon for Elementor Page Builder <= 1.7.5 - Arbitrary File Download

The PDF Generator Addon for Elementor Page Builder plugin for WordPress is vulnerable to Path Traversal in all versions up to, and including, 1.7.5 via the rtwpgaepbdwnldpdf function. This makes it possible for unauthenticated attackers to read the contents of arbitrary files on the server, which...

7.5CVSS7.1AI score0.07486EPSS
Exploits3References4
Nuclei
Nuclei
added yesterday100 views

PDF Generator for WordPress < 1.1.2 - Cross Site Scripting

The plugin includes a vendored dompdf example file which is susceptible to Reflected Cross-Site Scripting and could be used against high privilege users such as admin id: CVE-2022-4321 info: name: PDF Generator for WordPress 1.1.2 - Cross Site Scripting author: r3Y3r53,HuTa0 severity: medium...

6.1CVSS6.4AI score0.01193EPSS
Exploits2References5
NVD
NVD
added 4 days ago8 views

CVE-2026-41482

Frappe is a full-stack web application framework. Prior to 16.18.3, possible path traversal and local file inclusion were possible through secure local resource access in the Chrome PDF Generator. This issue is fixed in version 16.18.3...

7.1CVSS0.00338EPSS
Exploits0References6
Cvelist
Cvelist
added 4 days ago29 views

CVE-2026-41482 Frappe: Possible Path Traversal and Local File Inclusion via Chrome PDF Generator

Frappe is a full-stack web application framework. Prior to 16.18.3, possible path traversal and local file inclusion were possible through secure local resource access in the Chrome PDF Generator. This issue is fixed in version 16.18.3...

7.1CVSS0.00338EPSS
Exploits0References6
Patchstack
Patchstack
added 6 days ago4 views

WordPress PDF Generator for WordPress plugin <= 1.6.2 - Server Side Request Forgery (SSRF) vulnerability

Server Side Request Forgery SSRF vulnerability discovered by dodoh4t in WordPress Plugin PDF Generator for WordPress versions = 1.6.2...

7.2CVSS6.1AI score0.00266EPSS
Exploits0Affected Software1
NVD
NVD
added last week11 views

CVE-2026-57868

MicroRealEstate is affected by broken object-level access controls in PDF generator functionality. This issue affects MicroRealEstate: through 1.0.0-alpha3...

7.1CVSS0.00215EPSS
Exploits0References2
CVE
CVE
added last week11 views

CVE-2026-57868

CVE-2026-57868 affects MicroRealEstate up to version 1.0.0-alpha3, involving broken object-level access controls in the PDF generator functionality. The affected component is the PDF generation feature within MicroRealEstate; the root cause is described as object-level access control failure. The...

7.1CVSS5.9AI score0.00215EPSS
Exploits0References2
CNNVD
CNNVD
added 2026/03/31 12:0 a.m.11 views

InvoiceShelf 代码问题漏洞

InvoiceShelf is an open-source invoice and expense management application developed by InvoiceShelf. Versions of InvoiceShelf prior to 2.2.0 had code vulnerabilities. These vulnerabilities stemmed from uncleaned HTML provided by users in the payment receipt PDF generation module, which could lead...

8.1CVSS5.9AI score0.00245EPSS
Exploits1References3
Cvelist
Cvelist
added 2026/03/19 8:10 p.m.19 views

CVE-2026-33301 OpenEMR has arbitrary image file read via PDF generator

OpenEMR is a free and open source electronic health records and medical practice management application. Prior to 8.0.0.2, users with the Notes - my encounters role can fill Eye Exam forms in patient encounters. The answers to the form can be printed out in PDF form. An arbitrary file read...

7.1CVSS0.00444EPSS
Exploits1References2
Snyk
Snyk
added 2026/03/18 4:10 p.m.9 views

Cross-site Scripting (XSS)

Overview @pdfme/schemas is a TypeScript base PDF generator and React base UI. Open source, developed by the community, and completely free to use under the MIT license! Affected versions of this package are vulnerable to Cross-site Scripting XSS via the selectElement.innerHTML method. An attacker...

6.1CVSS5.8AI score
Exploits0References2
Packet Storm
Packet Storm
added 2026/03/02 12:0 a.m.145 views

📄 WordPress PDF Generator Addon for Elementor Page Builder 1.75 Traversal

Proof of concept exploit for a WordPress PDF Generator Addon for Elementor Page Builder plugin version 1.75 unauthenticated arbitrary file download vulnerability that leverages a path traversal...

7.5CVSS6AI score0.07486EPSS
Exploits3
NVD
NVD
added 2026/02/22 2:16 p.m.5 views

CVE-2019-25433

XOOPS CMS 2.5.9 contains an SQL injection vulnerability that allows unauthenticated attackers to manipulate database queries by injecting SQL code through the cid parameter. Attackers can send GET requests to the gerarpdf.php endpoint with malicious cid values to extract sensitive database...

8.8CVSS0.00262EPSS
Exploits0References3
Positive Technologies
Positive Technologies
added 2026/02/04 12:0 a.m.10 views

PT-2026-6655

Name of the Vulnerable Software and Affected Versions jsPDF versions prior to 4.0.0 SurveyJS PDF Generator versions 1.12.58 and lower SurveyJS PDF Generator versions 2.5.4 and lower Description A local file inclusion or path traversal issue was identified in jsPDF. Because SurveyJS PDF Generator...

9.2CVSS5.4AI score
Exploits0References6
Patchstack
Patchstack
added 2026/02/02 7:11 a.m.11 views

WordPress PDF Generator Addon for Elementor Page Builder plugin <= 2.0.0 - Unauthenticated Arbitrary File Download vulnerability

Unauthenticated Arbitrary File Download vulnerability discovered by stealthcopter in WordPress Plugin PDF Generator Addon for Elementor Page Builder versions = 2.0.0...

7.5CVSS7.3AI score0.07486EPSS
Exploits3References1Affected Software1
Vulnrichment
Vulnrichment
added 2026/01/16 6:43 a.m.4 views

CVE-2025-14793 DK PDF – WordPress PDF Generator <= 2.3.0 - Authenticated (Author+) Server-Side Request Forgery

The DK PDF – WordPress PDF Generator plugin for WordPress is vulnerable to Server-Side Request Forgery in all versions up to, and including, 2.3.0 via the 'addContentToMpdf' function. This makes it possible for authenticated attackers, author level and above, to make web requests to arbitrary...

5CVSS5.4AI score0.00242EPSS
Exploits0References6
ATTACKERKB
ATTACKERKB
added 2026/01/16 6:43 a.m.3 views

CVE-2025-14793

The DK PDF – WordPress PDF Generator plugin for WordPress is vulnerable to Server-Side Request Forgery in all versions up to, and including, 2.3.0 via the 'addContentToMpdf' function. This makes it possible for authenticated attackers, author level and above, to make web requests to arbitrary...

5CVSS5.5AI score0.00242EPSS
Exploits0References6
Patchstack
Patchstack
added 2026/01/15 11:17 p.m.7 views

WordPress DK PDF - WordPress PDF Generator plugin <= 2.3.0 - Authenticated (Author+) Server-Side Request Forgery vulnerability

WordPress DK PDF - WordPress PDF Generator plugin = 2.3.0 - Authenticated Author+ Server-Side Request Forgery vulnerability discovered by WordFence in WordPress Plugin DK PDF – WordPress PDF Generator versions = 2.3.0...

5CVSS7.1AI score0.00242EPSS
Exploits0References1Affected Software1
Rows per page
Query Builder