CVE-2025-68534

Missing Authorization vulnerability in add-ons.org PDF for WPForms pdf-for-wpforms allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects PDF for WPForms: from n/a through = 6.3.0...

CVE-2025-10647 Embed PDF for WPForms <= 1.1.5 - Authenticated (Subscriber+) Arbitrary File Upload

The Embed PDF for WPForms plugin for WordPress is vulnerable to arbitrary file uploads due to missing file type validation in the ajaxhandlerdownloadpdfmedia function in all versions up to, and including, 1.1.5. This makes it possible for authenticated attackers, with Subscriber-level access and...

CVE-2025-58620

Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in add-ons.org PDF for WPForms pdf-for-wpforms allows Stored XSS.This issue affects PDF for WPForms: from n/a through = 6.2.1...

CVE-2025-58620

CVE-2025-58620 : WordPress PDF for WPForms plugin is affected by a stored XSS due to improper input neutralization during web page generation. Affected software is the PDF for WPForms plugin for WordPress (plugin name: PDF for WPForms; vulnerable versions include