Vulnerabilities and security researches fore2pdf e2pdf

Nov 10, 2025

CVE, Research URL: CVE-2025-62068
Home page URL: Security reports for E2Pdf – Export To Pdf Tool for WordPress
Application: E2Pdf – Export To Pdf Tool for WordPress
Date: Oct 22, 2025
Research Description: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in E2Pdf e2pdf e2pdf.This issue affects e2pdf: from n/a through <= 1.28.09.
Affected versions: max 1.28.10.
Status: vulnerable

Aug 20, 2024

CVE, Research URL: CVE-2024-43318
Home page URL: Security reports for E2Pdf – Export To Pdf Tool for WordPress
Application: E2Pdf – Export To Pdf Tool for WordPress
Date: Aug 18, 2024
Research Description: Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerability in E2Pdf.Com allows Stored XSS.This issue affects e2pdf: from n/a through 1.25.05.
Affected versions: max 1.25.11.
Status: vulnerable

Jul 23, 2024

CVE, Research URL: CVE-2024-4367
Home page URL: Security reports for E2Pdf – Export To Pdf Tool for WordPress
Application: E2Pdf – Export To Pdf Tool for WordPress
Date: May 14, 2024
Research Description: A type check was missing when handling fonts in PDF.js, which would allow arbitrary JavaScript execution in the PDF.js context. This vulnerability affects Firefox < 126, Firefox ESR < 115.11, and Thunderbird < 115.11.
Affected versions: max 1.25.01.
Status: vulnerable

Jul 02, 2024

CVE, Research URL: CVE-2024-37415
Home page URL: Security reports for E2Pdf – Export To Pdf Tool for WordPress
Application: E2Pdf – Export To Pdf Tool for WordPress
Date: Nov 01, 2024
Research Description: Missing Authorization vulnerability in E2Pdf.Com allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects e2pdf: from n/a through 1.20.27.
Affected versions: max 1.23.00.
Status: vulnerable

Jun 07, 2024

CVE, Research URL: CVE-2023-46154
Home page URL: Security reports for E2Pdf – Export To Pdf Tool for WordPress
Application: E2Pdf – Export To Pdf Tool for WordPress
Date: Dec 19, 2023
Research Description: Deserialization of Untrusted Data vulnerability in E2Pdf.Com E2Pdf – Export To Pdf Tool for WordPress.This issue affects E2Pdf – Export To Pdf Tool for WordPress: from n/a through 1.20.18.
Affected versions: max 1.20.19.
Status: vulnerable

CVE, Research URL: CVE-2023-50849
Home page URL: Security reports for E2Pdf – Export To Pdf Tool for WordPress
Application: E2Pdf – Export To Pdf Tool for WordPress
Date: Dec 28, 2023
Research Description: Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in E2Pdf.Com E2Pdf – Export To Pdf Tool for WordPress.This issue affects E2Pdf – Export To Pdf Tool for WordPress: from n/a through 1.20.23.
Affected versions: max 1.20.24.
Status: vulnerable

CVE, Research URL: CVE-2023-5229
Home page URL: Security reports for E2Pdf – Export To Pdf Tool for WordPress
Application: E2Pdf – Export To Pdf Tool for WordPress
Date: Oct 31, 2023
Research Description: The E2Pdf WordPress plugin before 1.20.20 does not sanitize and escape some of its settings, which could allow high privilege users to perform Cross-Site Scripting attacks even when the unfiltered_html capability is disallowed
Affected versions: max 1.20.20.
Status: vulnerable

CVE, Research URL: CVE-2024-31373
Home page URL: Security reports for E2Pdf – Export To Pdf Tool for WordPress
Application: E2Pdf – Export To Pdf Tool for WordPress
Date: Apr 15, 2024
Research Description: Cross-Site Request Forgery (CSRF) vulnerability in E2Pdf.This issue affects e2pdf: from n/a through 1.20.27.
Affected versions: max 1.23.00.
Status: vulnerable

CVE, Research URL: CVE-2023-6826
Home page URL: Security reports for E2Pdf – Export To Pdf Tool for WordPress
Application: E2Pdf – Export To Pdf Tool for WordPress
Date: Dec 15, 2023
Research Description: The E2Pdf plugin for WordPress is vulnerable to arbitrary file uploads due to insufficient file type validation on the 'import_action' function in versions up to, and including, 1.20.25. This makes it possible for authenticated attackers with a role that the administrator previously granted access to the plugin, to upload arbitrary files on the affected site's server which may make remote code execution possible.
Affected versions: max 1.20.26.
Status: vulnerable

CVE, Research URL: CVE-2022-0535
Home page URL: Security reports for E2Pdf – Export To Pdf Tool for WordPress
Application: E2Pdf – Export To Pdf Tool for WordPress
Date: Mar 07, 2022
Research Description: The E2Pdf WordPress plugin before 1.16.45 does not sanitise and escape some of its settings, which could allow high privilege users to perform Cross-Site Scripting attacks even when the unfiltered_html capability is disallowed
Affected versions: max 1.16.45.
Status: vulnerable