Skip to main content

E2pdf

6 CVEs product

Monthly

CVE-2026-32442 MEDIUM This Month

E2Pdf versions through 1.28.15 contain a missing authorization vulnerability that allows authenticated users to modify data they should not have access to due to incorrectly configured access control security levels. An attacker with low-level user privileges can exploit this via network access without user interaction to escalate their capabilities and modify unauthorized PDF-related resources. While the CVSS score of 4.3 is moderate and integrity impact is low, the vulnerability represents a classic authorization bypass that could allow privilege escalation or lateral movement within multi-user E2Pdf deployments.

Authentication Bypass E2pdf
NVD VulDB
CVSS 3.1
5.0
EPSS
0.0%
CVE-2023-50849 HIGH This Week

Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in E2Pdf.Com E2Pdf - Export To Pdf Tool for WordPress.20.23. Rated high severity (CVSS 7.6), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

WordPress SQLi E2pdf
NVD
CVSS 3.1
7.6
EPSS
0.1%
CVE-2023-46154 MEDIUM This Month

Deserialization of Untrusted Data vulnerability in E2Pdf.Com E2Pdf - Export To Pdf Tool for WordPress.20.18. Rated medium severity (CVSS 6.6), this vulnerability is remotely exploitable. No vendor patch available.

Deserialization WordPress E2pdf
NVD
CVSS 3.1
6.6
EPSS
0.3%
CVE-2023-6826 HIGH This Week

The E2Pdf plugin for WordPress is vulnerable to arbitrary file uploads due to insufficient file type validation on the 'import_action' function in versions up to, and including, 1.20.25. Rated high severity (CVSS 7.2), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

File Upload RCE WordPress E2pdf
NVD VulDB
CVSS 3.1
7.2
EPSS
7.3%
CVE-2023-5229 MEDIUM POC This Month

The E2Pdf WordPress plugin before 1.20.20 does not sanitize and escape some of its settings, which could allow high privilege users to perform Cross-Site Scripting attacks even when the. Rated medium severity (CVSS 4.8), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

WordPress XSS E2pdf
NVD WPScan
CVSS 3.1
4.8
EPSS
0.4%
CVE-2022-0535 MEDIUM POC PATCH This Month

The E2Pdf WordPress plugin before 1.16.45 does not sanitise and escape some of its settings, which could allow high privilege users to perform Cross-Site Scripting attacks even when the. Rated medium severity (CVSS 4.8), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available.

XSS WordPress E2pdf
NVD WPScan
CVSS 3.1
4.8
EPSS
1.3%
EPSS 0% CVSS 5.0
MEDIUM This Month

E2Pdf versions through 1.28.15 contain a missing authorization vulnerability that allows authenticated users to modify data they should not have access to due to incorrectly configured access control security levels. An attacker with low-level user privileges can exploit this via network access without user interaction to escalate their capabilities and modify unauthorized PDF-related resources. While the CVSS score of 4.3 is moderate and integrity impact is low, the vulnerability represents a classic authorization bypass that could allow privilege escalation or lateral movement within multi-user E2Pdf deployments.

Authentication Bypass E2pdf
NVD VulDB
EPSS 0% CVSS 7.6
HIGH This Week

Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in E2Pdf.Com E2Pdf - Export To Pdf Tool for WordPress.20.23. Rated high severity (CVSS 7.6), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

WordPress SQLi E2pdf
NVD
EPSS 0% CVSS 6.6
MEDIUM This Month

Deserialization of Untrusted Data vulnerability in E2Pdf.Com E2Pdf - Export To Pdf Tool for WordPress.20.18. Rated medium severity (CVSS 6.6), this vulnerability is remotely exploitable. No vendor patch available.

Deserialization WordPress E2pdf
NVD
EPSS 7% CVSS 7.2
HIGH This Week

The E2Pdf plugin for WordPress is vulnerable to arbitrary file uploads due to insufficient file type validation on the 'import_action' function in versions up to, and including, 1.20.25. Rated high severity (CVSS 7.2), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

File Upload RCE WordPress +1
NVD VulDB
EPSS 0% CVSS 4.8
MEDIUM POC This Month

The E2Pdf WordPress plugin before 1.20.20 does not sanitize and escape some of its settings, which could allow high privilege users to perform Cross-Site Scripting attacks even when the. Rated medium severity (CVSS 4.8), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

WordPress XSS E2pdf
NVD WPScan
EPSS 1% CVSS 4.8
MEDIUM POC PATCH This Month

The E2Pdf WordPress plugin before 1.16.45 does not sanitise and escape some of its settings, which could allow high privilege users to perform Cross-Site Scripting attacks even when the. Rated medium severity (CVSS 4.8), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available.

XSS WordPress E2pdf
NVD WPScan

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy