cleantalk
Vulnerabilities and Security Researches

E2Pdf – Export To Pdf Tool for WordPress, CVE-2026-12407

CVE, Research URL

CVE-2026-12407

Home page URL

Security reports for E2Pdf – Export To Pdf Tool for WordPress

Application

E2Pdf – Export To Pdf Tool for WordPress

Published on
Jun 18, 2026
Research Description
The E2Pdf – Export Pdf Tool for WordPress plugin for WordPress is vulnerable to Missing Authorization in versions up to, and including, 1.32.26. This is due to the screen_action() function lacking a dedicated capability check and nonce verification — when invoked via the ?action=screen routing path the controller's index_action() nonce gate is bypassed entirely — while reading an attacker-controlled option name and value from $_POST['wp_screen_options'] and passing them directly to update_option() with no allowlist, relying solely on the page-level e2pdf_templates capability which the plugin's own Permissions UI allows administrators to grant to any role including Subscriber, Contributor, Author, or Editor. This makes it possible for authenticated attackers, with a custom role that has been granted the e2pdf_templates capability, to overwrite arbitrary WordPress options such as default_role and thereby escalate their privileges to administrator.
Affected versions
max 1.32.31.
Status
vulnerable
Previous vulnerability researches
Web Push Notifications by PushEngage: WordPress Push Notifications to Supercharge Your Engagement (CVE-2026-52698) , Jun 19, 2026
New vulnerability
WP Scraper (CVE-2025-69129) , Jun 19, 2026
WP Scraper (CVE-2025-69131) , Jun 19, 2026
UsersWP – Front-end login form, User Registration, User Profile & Members Directory plugin for WordPress (CVE-2026-12102) , Jun 19, 2026
Popup Box – Best WordPress Popup Plugin (CVE-2026-54192) , Jun 19, 2026
Simple Membership (CVE-2026-12093) , Jun 19, 2026