Vulnerabilities and security researches forpdf-poster pdf-poster

Jun 07, 2024

CVE, Research URL: CVE-2024-23508
Home page URL: Security reports for PDF Poster – PDF Embedder Plugin for WordPress
Application: PDF Poster – PDF Embedder Plugin for WordPress
Date: Jan 31, 2024
Research Description: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in bPlugins PDF Poster – PDF Embedder Plugin for WordPress allows Reflected XSS.This issue affects PDF Poster – PDF Embedder Plugin for WordPress: from n/a through 2.1.17.
Affected versions: max 2.1.18.
Status: vulnerable

CVE, Research URL: CVE-2024-4367
Home page URL: Security reports for PDF Poster – PDF Embedder Plugin for WordPress
Application: PDF Poster – PDF Embedder Plugin for WordPress
Date: May 14, 2024
Research Description: A type check was missing when handling fonts in PDF.js, which would allow arbitrary JavaScript execution in the PDF.js context. This vulnerability affects Firefox < 126, Firefox ESR < 115.11, and Thunderbird < 115.11.
Affected versions: max 2.1.22.
Status: vulnerable

Mar 29, 2026

CVE, Research URL: CVE-2026-32416
Home page URL: Security reports for PDF Poster – PDF Embedder Plugin for WordPress
Application: PDF Poster – PDF Embedder Plugin for WordPress
Date: Mar 14, 2026
Research Description: Missing Authorization vulnerability in bPlugins PDF Poster pdf-poster allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects PDF Poster: from n/a through <= 2.4.0.
Affected versions: max 2.4.0.
Status: vulnerable