Vulnerabilities and security researches forpdf-poster pdf-poster

Jun 07, 2024

CVE, Research URL: CVE-2024-23508
Home page URL: Security reports for PDF Poster – PDF Embedder Plugin for WordPress
Application: PDF Poster – PDF Embedder Plugin for WordPress
Date: Jan 31, 2024
Research Description: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in bPlugins PDF Poster – PDF Embedder Plugin for WordPress allows Reflected XSS.This issue affects PDF Poster – PDF Embedder Plugin for WordPress: from n/a through 2.1.17.
Affected versions: max 2.1.18.
Status: vulnerable

CVE, Research URL: CVE-2024-4367
Home page URL: Security reports for PDF Poster – PDF Embedder Plugin for WordPress
Application: PDF Poster – PDF Embedder Plugin for WordPress
Date: May 14, 2024
Research Description: A type check was missing when handling fonts in PDF.js, which would allow arbitrary JavaScript execution in the PDF.js context. This vulnerability affects Firefox < 126, Firefox ESR < 115.11, and Thunderbird < 115.11.
Affected versions: max 2.1.22.
Status: vulnerable

Mar 29, 2026

CVE, Research URL: CVE-2026-32416
Home page URL: Security reports for PDF Poster – PDF Embedder Plugin for WordPress
Application: PDF Poster – PDF Embedder Plugin for WordPress
Date: Mar 14, 2026
Research Description: Missing Authorization vulnerability in bPlugins PDF Poster pdf-poster allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects PDF Poster: from n/a through <= 2.4.0.
Affected versions: max 2.4.0.
Status: vulnerable

May 02, 2026

CVE, Research URL: CVE-2024-13362
Home page URL: Security reports for PDF Poster – PDF Embedder Plugin for WordPress
Application: PDF Poster – PDF Embedder Plugin for WordPress
Date: May 01, 2026
Research Description: Multiple plugins and/or themes for WordPress are vulnerable to Reflected Cross-Site Scripting via the url parameter in various versions due to insufficient input sanitization and output escaping. This makes it possible for unauthenticated attackers to inject arbitrary web scripts in pages that execute if they can successfully trick a user into performing an action such as clicking on a link.
Affected versions: max 1.0.
Status: vulnerable

May 09, 2026

CVE, Research URL: CVE-2026-27416
Home page URL: Security reports for PDF Poster – PDF Embedder Plugin for WordPress
Application: PDF Poster – PDF Embedder Plugin for WordPress
Date: May 07, 2026
Research Description: Missing Authorization vulnerability in bPlugins PDF Poster allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects PDF Poster: from n/a through 2.4.1.
Affected versions: max 2.5.0.
Status: vulnerable