E2pdf: >> E2pdf >> 1.20.24 Security Vulnerabilities
Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerability in E2Pdf.Com allows Stored XSS.This issue affects e2pdf: from n/a through 1.25.05.
CVSS Score
6.5
EPSS Score
0.002
Published
2024-08-18
The E2Pdf plugin for WordPress is vulnerable to arbitrary file uploads due to insufficient file type validation on the 'import_action' function in versions up to, and including, 1.20.25. This makes it possible for authenticated attackers with a role that the administrator previously granted access to the plugin, to upload arbitrary files on the affected site's server which may make remote code execution possible.
CVSS Score
7.2
EPSS Score
0.073
Published
2023-12-15