E2pdf

e2pdf

9 CVEs • 1 product

Products (1)

Click to collapse

Toggle

CVEs (9)

CVE VENDORS PRODUCTS UPDATED PUBLISHED CVSS
CVE-2025-62068 1E2pdf 1E2pdf Jun 17, 2026 Oct 22, 2025 N/A· v4 6.5 MEDIUM· v3 N/A· v2 Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in E2Pdf e2pdf e2pdf.This issue affects e2pdf: from n/a through <= 1.28.09.
CVE-2024-37415 1E2pdf 1E2pdf Jun 17, 2026 Nov 1, 2024 N/A· v4 5.4 MEDIUM· v3 N/A· v2 Missing Authorization vulnerability in E2Pdf e2pdf e2pdf.This issue affects e2pdf: from n/a through <= 1.20.27.
CVE-2024-43318 1E2pdf 1E2pdf Jun 17, 2026 Aug 18, 2024 N/A· v4 5.4 MEDIUM· v3 N/A· v2 Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in E2Pdf e2pdf e2pdf.This issue affects e2pdf: from n/a through <= 1.25.05.
CVE-2024-31373 1E2pdf 1E2pdf Jun 17, 2026 Apr 15, 2024 N/A· v4 5.4 MEDIUM· v3 N/A· v2 Cross-Site Request Forgery (CSRF) vulnerability in E2Pdf e2pdf e2pdf.This issue affects e2pdf: from n/a through <= 1.20.27.
CVE-2023-50849 1E2pdf 1E2pdf Jun 17, 2026 Dec 28, 2023 N/A· v4 7.2 HIGH· v3 N/A· v2 Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in E2Pdf.Com E2Pdf – Export To Pdf Tool for WordPress.This issue affects E2Pdf – Export To Pdf Tool for WordPress: from n...Show more Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in E2Pdf.Com E2Pdf – Export To Pdf Tool for WordPress.This issue affects E2Pdf – Export To Pdf Tool for WordPress: from n/a through 1.20.23.Show less
CVE-2023-46154 1E2pdf 1E2pdf Jun 17, 2026 Dec 19, 2023 N/A· v4 7.2 HIGH· v3 N/A· v2 Deserialization of Untrusted Data vulnerability in E2Pdf.Com E2Pdf – Export To Pdf Tool for WordPress.This issue affects E2Pdf – Export To Pdf Tool for WordPress: from n/a through 1.20.18.
CVE-2023-6826 1E2pdf 1E2pdf Jun 17, 2026 Dec 15, 2023 N/A· v4 7.2 HIGH· v3 N/A· v2 The E2Pdf plugin for WordPress is vulnerable to arbitrary file uploads due to insufficient file type validation on the 'import_action' function in versions up to, and including, 1.20.25. This makes it possible for authen...Show more The E2Pdf plugin for WordPress is vulnerable to arbitrary file uploads due to insufficient file type validation on the 'import_action' function in versions up to, and including, 1.20.25. This makes it possible for authenticated attackers with a role that the administrator previously granted access to the plugin, to upload arbitrary files on the affected site's server which may make remote code execution possible.Show less
CVE-2023-5229 1E2pdf 1E2pdf Jun 17, 2026 Oct 31, 2023 N/A· v4 4.8 MEDIUM· v3 N/A· v2 The E2Pdf WordPress plugin before 1.20.20 does not sanitize and escape some of its settings, which could allow high privilege users to perform Cross-Site Scripting attacks even when the unfiltered_html capability is disa...Show more The E2Pdf WordPress plugin before 1.20.20 does not sanitize and escape some of its settings, which could allow high privilege users to perform Cross-Site Scripting attacks even when the unfiltered_html capability is disallowedShow less
CVE-2022-0535 1E2pdf 1E2pdf Jun 17, 2026 Mar 7, 2022 N/A· v4 4.8 MEDIUM· v3 3.5 LOW· v2 The E2Pdf WordPress plugin before 1.16.45 does not sanitise and escape some of its settings, which could allow high privilege users to perform Cross-Site Scripting attacks even when the unfiltered_html capability is disa...Show more The E2Pdf WordPress plugin before 1.16.45 does not sanitise and escape some of its settings, which could allow high privilege users to perform Cross-Site Scripting attacks even when the unfiltered_html capability is disallowedShow less