CVE-2026-12407

CVE-2026-12407 affects the E2Pdf – Export Pdf Tool for WordPress plugin versions up to 1.32.26. The screen_action() path bypasses nonce and capability checks, reading attacker-controlled options from $_POST['wp_screen_options'] and passing them to update_option() with no allowlist, enabling authe...

EUVD-2026-37836

The E2Pdf – Export Pdf Tool for WordPress plugin for WordPress is vulnerable to Missing Authorization in versions up to, and including, 1.32.26. This is due to the screenaction function lacking a dedicated capability check and nonce verification — when invoked via the ?action=screen routing path...