Vulnerability Details CVE-2022-0535
The E2Pdf WordPress plugin before 1.16.45 does not sanitise and escape some of its settings, which could allow high privilege users to perform Cross-Site Scripting attacks even when the unfiltered_html capability is disallowed.
Exploit prediction scoring system (EPSS) score
EPSS Score 0.011
EPSS Ranking 77.3%
CVSS Severity
CVSS v3 Score 4.8
CVSS v2 Score 3.5
Products affected by CVE-2022-0535
- cpe:2.3:a:e2pdf:e2pdf:1.00.00
- cpe:2.3:a:e2pdf:e2pdf:1.00.13
- cpe:2.3:a:e2pdf:e2pdf:1.01.01
- cpe:2.3:a:e2pdf:e2pdf:1.02.02
- cpe:2.3:a:e2pdf:e2pdf:1.03.07
- cpe:2.3:a:e2pdf:e2pdf:1.04.07
- cpe:2.3:a:e2pdf:e2pdf:1.05.03
- cpe:2.3:a:e2pdf:e2pdf:1.06.02
- cpe:2.3:a:e2pdf:e2pdf:1.07.11
- cpe:2.3:a:e2pdf:e2pdf:1.08.09
- cpe:2.3:a:e2pdf:e2pdf:1.09.10
- cpe:2.3:a:e2pdf:e2pdf:1.10.11
- cpe:2.3:a:e2pdf:e2pdf:1.11.08
- cpe:2.3:a:e2pdf:e2pdf:1.13.40
- cpe:2.3:a:e2pdf:e2pdf:1.15.14
- cpe:2.3:a:e2pdf:e2pdf:1.15.54
- cpe:2.3:a:e2pdf:e2pdf:1.16.00
- cpe:2.3:a:e2pdf:e2pdf:1.16.01
- cpe:2.3:a:e2pdf:e2pdf:1.16.02
- cpe:2.3:a:e2pdf:e2pdf:1.16.09
- cpe:2.3:a:e2pdf:e2pdf:1.16.16
- cpe:2.3:a:e2pdf:e2pdf:1.16.28
- cpe:2.3:a:e2pdf:e2pdf:1.16.43
- cpe:2.3:a:e2pdf:e2pdf:1.16.44