Lucene search

K
wpvulndbWpvulndbWPVDB-ID:67EC2AAC-96C7-4D62-AF49-776F4CB76430
HistorySep 27, 2023 - 12:00 a.m.

Save as Image by Pdfcrowd < 2.16.1 - Admin+ Stored XSS

2023-09-2700:00:00
wpscan.com
2
pdfcrowd
stored xss
unvalidated parameters
admin+ role
multisite setup

5.6 Medium

AI Score

Confidence

High

0.0004 Low

EPSS

Percentile

14.1%

Description The plugin does not validate and escape some parameters, which could allow users with the admin role and above to perform Stored Cross-Site Scripting attacks even when the unfiltered_html capability is disallowed (for example in multisite setup)

CPENameOperatorVersion
eq2.16.1

5.6 Medium

AI Score

Confidence

High

0.0004 Low

EPSS

Percentile

14.1%

Related for WPVDB-ID:67EC2AAC-96C7-4D62-AF49-776F4CB76430