6 matches found
CVE-2023-5971
The CVE-2023-5971 entry concerns the WordPress plugin Save as PDF by Pdfcrowd (versions before 3.2.0). The issue is that several plugin settings were not properly sanitised/escaped, enabling Stored XSS by high-privilege users (e.g., admins) even when unfiltered_html is disallowed (such as in mult...
CVE-2024-37549
CVE-2024-37549 is a Stored XSS in the WordPress plugin Save as PDF by Pdfcrowd (Pdfcrowd) due to Improper Neutralization of Input During Web Page Generation. Technical details in connected sources indicate affected versions are up to 4.0.0 (n/a through 4.0.0). The root cause is input handling dur...
CVE-2024-10891
The CVE-2024-10891 entry concerns the WordPress plugin Save as PDF Plugin by Pdfcrowd. It is vulnerable to Stored Cross-Site Scripting via the shortcode save_as_pdf_pdfcrowd in all versions up to and including 4.2.1, caused by insufficient input sanitization and output escaping of user-supplied a...
CVE-2024-3062
The CVE-2024-3062 entry concerns the WordPress plugin Save as Image by Pdfcrowd (pre-3.2.2). It documents that certain settings are not sanitised/escaped, enabling Stored XSS by high-privilege users (e.g., admins) even when unfiltered_html is disallowed (such as in multisite setups). Affected com...
CVE-2024-35649
CVE-2024-35649 describes a Stored XSS in the Pdfcrowd Save as PDF plugin for WordPress. The initial description indicates vulnerability in the plugin from versions up to 3.2.3 (inclusive). Connected CVE data confirm that this is a stored XSS in web page generation via user input, with remediation...
CVE-2023-40668
The CVE-2023-40668 entry concerns the WordPress plugin Save as PDF by Pdfcrowd (versions