Vulnerabilities and security researches fore2pdf e2pdf
Direction: ascendingJun 07, 2024
E2Pdf – Export To Pdf Tool for WordPress # CVE-2023-46154
- CVE, Research URL
- Application
- Date
- Dec 19, 2023
- Research Description
- Deserialization of Untrusted Data vulnerability in E2Pdf.Com E2Pdf – Export To Pdf Tool for WordPress.This issue affects E2Pdf – Export To Pdf Tool for WordPress: from n/a through 1.20.18.
- Affected versions
-
max 1.20.19.
- Status
-
vulnerable
E2Pdf – Export To Pdf Tool for WordPress # CVE-2023-50849
- CVE, Research URL
- Application
- Date
- Dec 28, 2023
- Research Description
- Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in E2Pdf.Com E2Pdf – Export To Pdf Tool for WordPress.This issue affects E2Pdf – Export To Pdf Tool for WordPress: from n/a through 1.20.23.
- Affected versions
-
max 1.20.24.
- Status
-
vulnerable
E2Pdf – Export To Pdf Tool for WordPress # CVE-2023-5229
- CVE, Research URL
- Application
- Date
- Oct 31, 2023
- Research Description
- The E2Pdf WordPress plugin before 1.20.20 does not sanitize and escape some of its settings, which could allow high privilege users to perform Cross-Site Scripting attacks even when the unfiltered_html capability is disallowed
- Affected versions
-
max 1.20.20.
- Status
-
vulnerable
E2Pdf – Export To Pdf Tool for WordPress # CVE-2024-31373
- CVE, Research URL
- Application
- Date
- Apr 15, 2024
- Research Description
- Cross-Site Request Forgery (CSRF) vulnerability in E2Pdf.This issue affects e2pdf: from n/a through 1.20.27.
- Affected versions
-
max 1.23.00.
- Status
-
vulnerable
E2Pdf – Export To Pdf Tool for WordPress # CVE-2023-6826
- CVE, Research URL
- Application
- Date
- Dec 15, 2023
- Research Description
- The E2Pdf plugin for WordPress is vulnerable to arbitrary file uploads due to insufficient file type validation on the 'import_action' function in versions up to, and including, 1.20.25. This makes it possible for authenticated attackers with a role that the administrator previously granted access to the plugin, to upload arbitrary files on the affected site's server which may make remote code execution possible.
- Affected versions
-
max 1.20.26.
- Status
-
vulnerable
E2Pdf – Export To Pdf Tool for WordPress # CVE-2022-0535
- CVE, Research URL
- Application
- Date
- Mar 07, 2022
- Research Description
- The E2Pdf WordPress plugin before 1.16.45 does not sanitise and escape some of its settings, which could allow high privilege users to perform Cross-Site Scripting attacks even when the unfiltered_html capability is disallowed
- Affected versions
-
max 1.16.45.
- Status
-
vulnerable
Jul 02, 2024
E2Pdf – Export To Pdf Tool for WordPress # CVE-2024-37415
- CVE, Research URL
- Application
- Date
- Nov 01, 2024
- Research Description
- Missing Authorization vulnerability in E2Pdf.Com allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects e2pdf: from n/a through 1.20.27.
- Affected versions
-
max 1.23.00.
- Status
-
vulnerable
Jul 23, 2024
E2Pdf – Export To Pdf Tool for WordPress # CVE-2024-4367
- CVE, Research URL
- Application
- Date
- May 14, 2024
- Research Description
- A type check was missing when handling fonts in PDF.js, which would allow arbitrary JavaScript execution in the PDF.js context. This vulnerability affects Firefox < 126, Firefox ESR < 115.11, and Thunderbird < 115.11.
- Affected versions
-
max 1.25.01.
- Status
-
vulnerable
Aug 20, 2024
E2Pdf – Export To Pdf Tool for WordPress # CVE-2024-43318
- CVE, Research URL
- Application
- Date
- Aug 18, 2024
- Research Description
- Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerability in E2Pdf.Com allows Stored XSS.This issue affects e2pdf: from n/a through 1.25.05.
- Affected versions
-
max 1.25.11.
- Status
-
vulnerable
Nov 10, 2025
E2Pdf – Export To Pdf Tool for WordPress # CVE-2025-62068
- CVE, Research URL
- Application
- Date
- Oct 22, 2025
- Research Description
- Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in E2Pdf e2pdf e2pdf.This issue affects e2pdf: from n/a through <= 1.28.09.
- Affected versions
-
max 1.28.10.
- Status
-
vulnerable
Mar 29, 2026
E2Pdf – Export To Pdf Tool for WordPress # CVE-2026-32442
- CVE, Research URL
- Application
- Date
- Mar 14, 2026
- Research Description
- Missing Authorization vulnerability in E2Pdf e2pdf e2pdf allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects e2pdf: from n/a through <= 1.28.15.
- Affected versions
-
max 1.28.15.
- Status
-
vulnerable
May 09, 2026
E2Pdf – Export To Pdf Tool for WordPress # CVE-2026-7650
- CVE, Research URL
- Application
- Date
- May 08, 2026
- Research Description
- The E2Pdf – Export Pdf Tool for WordPress plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'id' attribute of the `e2pdf-download` shortcode in all versions up to, and including, 1.32.17. This is due to insufficient input sanitization and output escaping on the shortcode attribute. This makes it possible for authenticated attackers, with Contributor-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.
- Affected versions
-
max 1.32.18.
- Status
-
vulnerable