PDF Generator for WordPress < 1.1.2 - Cross Site Scripting

The plugin includes a vendored dompdf example file which is susceptible to Reflected Cross-Site Scripting and could be used against high privilege users such as admin id: CVE-2022-4321 info: name: PDF Generator for WordPress 1.1.2 - Cross Site Scripting author: r3Y3r53,HuTa0 severity: medium...

WordPress PDF Poster plugin <= 2.4.1 - Broken Access Control vulnerability

Broken Access Control vulnerability discovered by benzdeus in WordPress Plugin PDF Poster versions = 2.4.1...

WordPress PDF Poster – Display PDF Files with Custom Viewer plugin <= 2.2.0 - Unauthenticated Reflected Cross-Site Scripting vulnerability

Unauthenticated Reflected Cross-Site Scripting vulnerability discovered by Asaf Mozes in WordPress Plugin PDF Poster versions = 2.2.0...

CVE-2025-68534 WordPress PDF for WPForms plugin <= 6.3.0 - Broken Access Control vulnerability

Missing Authorization vulnerability in add-ons.org PDF for WPForms pdf-for-wpforms allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects PDF for WPForms: from n/a through = 6.3.0...

CVE-2017-18528

The pdf-print plugin before 1.9.4 for WordPress has multiple XSS issues...

WordPress PDF Creator Lite plugin <= 1.2 - Cross Site Request Forgery (CSRF) vulnerability

Cross Site Request Forgery CSRF vulnerability discovered by Nguyen Xuan Chien in WordPress Plugin PDF Creator Lite versions = 1.2...

EUVD-2025-27392

Malicious code in bioql PyPI...

PT-2025-36799

Name of the Vulnerable Software and Affected Versions: WP Swings PDF Generator for WordPress versions n/a through 1.5.4 Description: The PDF Generator for WordPress plugin suffers from a missing authorization issue due to incorrectly configured access control security levels. Recommendations:...

WordPress PDF for Contact Form 7 plugin <= 6.5.0 - Deserialization of untrusted data vulnerability

Deserialization of untrusted data vulnerability discovered by Phat RiO in WordPress Plugin PDF for Contact Form 7 versions = 6.5.0...

WordPress PDF 2 Post 2.4.0 Shell Upload

WordPress PDF 2 Post plugin versions 2.4.0 and below suffers from a remote shell upload vulnerability via a zip file...

CVE-2025-47537 WordPress PDF Invoice Builder for WooCommerce plugin <= 5.3.8 - SQL Injection Vulnerability

Improper Neutralization of Special Elements used in an SQL Command 'SQL Injection' vulnerability in add-ons.org PDF Invoice Builder for WooCommerce pdf-for-woocommerce allows SQL Injection.This issue affects PDF Invoice Builder for WooCommerce: from n/a through = 5.3.8...

CVE-2025-24755

CVE-2025-24755 refers to a stored XSS in the WordPress plugin PDF Invoices for WooCommerce + Drag and Drop Template Builder (PDF Invoices for WooCommerce + Drag and Drop Template Builder) affecting versions up to 4.6.0. Connected sources assign the vulnerability to stored XSS due to improper inpu...

WordPress Pdf Embedder Fay Plugin <= 1.10.1 is vulnerable to Cross Site Scripting (XSS)

Software Pdf Embedder Fay Type Plugin Vulnerable versions = 1.10.1 Fixed in N/A OWASP Top 10 A3: Injection Classification Cross Site Scripting XSS CVE CVE-2024-51795 Patch priority Low CVSS severity Low 6.5 Developer Claim ownership PSID 4a58f6ce2474 Credits SOPROBRO Required privilege Contributo...

WordPress PDF Generator Addon for Elementor Page Builder plugin <= 1.7.4 - Cross Site Scripting (XSS) vulnerability

Cross Site Scripting XSS vulnerability discovered by João Pedro Soares de Alcântara - Kinorth Patchstack Alliance in WordPress Plugin PDF Generator Addon for Elementor Page Builder versions = 1.7.4...

WordPress PDF Generator Addon for Elementor Page Builder Plugin <= 1.7.4 is vulnerable to Cross Site Scripting (XSS)

Software PDF Generator Addon for Elementor Page Builder Type Plugin Vulnerable versions = 1.7.4 Fixed in 1.7.5 OWASP Top 10 A3: Injection Classification Cross Site Scripting XSS CVE CVE-2024-50449 Patch priority Low CVSS severity Low 6.5 Developer Claim ownership PSID 7f59036ae201 Credits João...

WordPress PDF-Rechnungsverwaltung Plugin <= 0.0.1 is vulnerable to Local File Inclusion

Software PDF-Rechnungsverwaltung Type Plugin Vulnerable versions = 0.0.1 Fixed in N/A OWASP Top 10 A3: Injection Classification Local File Inclusion CVE CVE-2024-49287 Patch priority High CVSS severity High 7.5 Developer Claim ownership PSID e30e75b2fb5a Credits tahu.datar Required privilege...

WordPress DK PDF plugin <= 1.9.6 - Reflected Cross-Site Scripting vulnerability

Reflected Cross-Site Scripting vulnerability discovered by vgo0 in WordPress Plugin DK PDF – WordPress PDF Generator versions = 1.9.6...

WordPress PDF Image Generator Plugin <= 1.5.6 is vulnerable to Cross Site Scripting (XSS)

Software PDF Image Generator Type Plugin Vulnerable versions = 1.5.6 Fixed in N/A OWASP Top 10 A7: Cross-Site Scripting XSS Classification Cross Site Scripting XSS CVE CVE-2024-9241 Patch priority Medium CVSS severity Medium 7.1 Developer Claim ownership PSID 787de1e230e7 Credits vgo0 Required...

WordPress PDF Thumbnail Generator Plugin <= 1.3 is vulnerable to Cross Site Scripting (XSS)

Software PDF Thumbnail Generator Type Plugin Vulnerable versions = 1.3 Fixed in 1.4 OWASP Top 10 A7: Cross-Site Scripting XSS Classification Cross Site Scripting XSS CVE CVE-2024-8737 Patch priority Medium CVSS severity Medium 7.1 Developer Claim ownership PSID 8724205bb063 Credits vgo0 Required...

WordPress PDF Embedder Plugin <= 4.7.1 is vulnerable to Cross Site Scripting (XSS)

Software PDF Embedder Type Plugin Vulnerable versions = 4.7.1 Fixed in 4.8.0 OWASP Top 10 A6: Vulnerable and Outdated Components Classification Cross Site Scripting XSS CVE CVE-2024-4367 Patch priority Low CVSS severity Low 6.5 Developer Claim ownership PSID 7794a505b744 Credits m3ez Required...