The E2Pdf WordPress plugin before 1.16.45 does not sanitise and escape some of its settings, which could allow high privilege users to perform Cross-Site Scripting attacks even when the unfiltered_html capability is disallowed
4.8CVSS
4.7AI Score
0.001EPSS
Deserialization of Untrusted Data vulnerability in E2Pdf.Com E2Pdf β Export To Pdf Tool for WordPress.This issue affects E2Pdf β Export To Pdf Tool for WordPress: from n/a through 1.20.18.
7.2CVSS
7AI Score
0.001EPSS
Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in E2Pdf.Com E2Pdf β Export To Pdf Tool for WordPress.This issue affects E2Pdf β Export To Pdf Tool for WordPress: from n/a through 1.20.23.
7.6CVSS
7.5AI Score
0.001EPSS
The E2Pdf WordPress plugin before 1.20.20 does not sanitize and escape some of its settings, which could allow high privilege users to perform Cross-Site Scripting attacks even when the unfiltered_html capability is disallowed
4.8CVSS
4.7AI Score
0.001EPSS
The E2Pdf plugin for WordPress is vulnerable to arbitrary file uploads due to insufficient file type validation on the 'import_action' function in versions up to, and including, 1.20.25. This makes it possible for authenticated attackers with a role that the administrator previously granted access ...
7.2CVSS
7.4AI Score
0.001EPSS
Cross-Site Request Forgery (CSRF) vulnerability in E2Pdf.This issue affects e2pdf: from n/a through 1.20.27.
5.4CVSS
5.5AI Score
0.0004EPSS
Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerability in E2Pdf.Com allows Stored XSS.This issue affects e2pdf: from n/a through 1.25.05.
6.5CVSS
6.5AI Score
0.0004EPSS