cleantalk
Vulnerabilities and Security Researches

E2Pdf – Export To Pdf Tool for WordPress, CVE-2023-6826

CVE, Research URL

CVE-2023-6826

Home page URL

Security reports for E2Pdf – Export To Pdf Tool for WordPress

Application

E2Pdf – Export To Pdf Tool for WordPress

Published on
Dec 15, 2023
Research Description
The E2Pdf plugin for WordPress is vulnerable to arbitrary file uploads due to insufficient file type validation on the 'import_action' function in versions up to, and including, 1.20.25. This makes it possible for authenticated attackers with a role that the administrator previously granted access to the plugin, to upload arbitrary files on the affected site's server which may make remote code execution possible.
Affected versions
max 1.20.26.
Status
vulnerable
Previous vulnerability researches
E2Pdf – Export To Pdf Tool for WordPress (CVE-2024-37415) , Jul 02, 2024
E2Pdf – Export To Pdf Tool for WordPress (CVE-2023-46154) , Jun 07, 2024
E2Pdf – Export To Pdf Tool for WordPress (CVE-2023-50849) , Jun 07, 2024
E2Pdf – Export To Pdf Tool for WordPress (CVE-2023-5229) , Jun 07, 2024
E2Pdf – Export To Pdf Tool for WordPress (CVE-2024-31373) , Jun 07, 2024
New vulnerability
Email Attachment by Order Status & Products (CVE-2025-49957) , Nov 10, 2025
Kognetiks Chatbot for WordPress (CVE-2025-11256) , Nov 10, 2025
Recover WooCommerce Cart Abandonment, Newsletter, Email Marketing, Marketing Automation By FunnelKit (CVE-2025-12469) , Nov 10, 2025
Recover WooCommerce Cart Abandonment, Newsletter, Email Marketing, Marketing Automation By FunnelKit (CVE-2025-12468) , Nov 10, 2025
Product Filter by WBW (CVE-2025-11269) , Nov 10, 2025