The plugin includes a vendored dompdf example file that is susceptible to Reflected Cross-Site Scripting, which could be used against high-privilege users such as admins.
Make a logged-in admin open the following URL: https://example.com/wp-content/plugins/pdf-generator-for-wp/package/lib/dompdf/vendor/dompdf/dompdf/I18N/Arabic/Examples/Query.php?keyword=">
| CPE | Name | Operator | Version |
|---|---|---|---|
| | pdf-generator-for-wp | lt | 1.1.2 |
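
A defender-side check for the condition described above, as an added example that is not part of the original advisory or the plugin's code: it reads the installed version from the WordPress plugin header, compares it with 1.1.2, and lists any PHP scripts in the vendored dompdf Examples directory. The function names, the sample directory tree and the plugin header contents are constructed for illustration.

```python
import re
import tempfile
from pathlib import Path

FIXED_VERSION = (1, 1, 2)  # from the advisory: versions lt 1.1.2 are affected
# Directory of the vendored example script named in the advisory URL.
EXAMPLES_DIR = Path("package/lib/dompdf/vendor/dompdf/dompdf/I18N/Arabic/Examples")
VERSION_RE = re.compile(r"^[ \t/*#@]*Version:\s*([0-9]+(?:\.[0-9]+)*)", re.M | re.I)

def parse_version(text):
    """Turn '1.1.0' into (1, 1, 0) so versions compare numerically, not as strings."""
    return tuple(int(part) for part in text.split("."))

def installed_version(plugin_dir):
    """Read 'Version:' from the WordPress plugin header of a top-level PHP file."""
    for php in sorted(Path(plugin_dir).glob("*.php")):
        head = php.read_text(errors="replace")[:8192]  # header sits at the top of the file
        if "Plugin Name:" in head:
            match = VERSION_RE.search(head)
            if match:
                return parse_version(match.group(1))
    return None

def audit_plugin(plugin_dir):
    """Report whether the install is in the affected range and which example scripts exist."""
    version = installed_version(plugin_dir)
    examples = Path(plugin_dir) / EXAMPLES_DIR
    scripts = sorted(p.name for p in examples.glob("*.php")) if examples.is_dir() else []
    return {
        "version": version,
        # An unreadable version is treated as affected so it gets a manual look.
        "affected_version": version is None or version < FIXED_VERSION,
        "example_scripts": scripts,
    }

def build_sample_install(root, version):
    """Constructed sample tree standing in for wp-content/plugins/pdf-generator-for-wp."""
    plugin = Path(root) / "pdf-generator-for-wp"
    (plugin / EXAMPLES_DIR).mkdir(parents=True)
    (plugin / EXAMPLES_DIR / "Query.php").write_text("<?php // placeholder\n")
    (plugin / "pdf-generator-for-wp.php").write_text(  # constructed header, not the real file
        f"<?php\n/**\n * Plugin Name: PDF Generator For WP\n * Version: {version}\n */\n")
    return plugin

if __name__ == "__main__":
    with tempfile.TemporaryDirectory() as tmp:
        print(audit_plugin(build_sample_install(tmp, "1.1.0")))
```

On a real site, pass the plugin's directory under `wp-content/plugins/` to `audit_plugin`; an install that reports `affected_version` as true should be updated to 1.1.2 or later.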