E2Pdf Export Pdf Tool For Wordpress
Monthly
Privilege escalation in the E2Pdf - Export Pdf Tool for WordPress plugin (versions ≤ 1.32.26) allows authenticated low-privilege users with the e2pdf_templates capability to overwrite arbitrary WordPress options and elevate themselves to administrator. The flaw stems from the screen_action() function lacking a capability check and nonce verification, letting attackers pass attacker-controlled option names and values directly to update_option(). No public exploit identified at time of analysis, but the issue was disclosed by Wordfence with detailed source-line references making weaponization straightforward.
Privilege escalation in the E2Pdf - Export Pdf Tool for WordPress plugin (versions ≤ 1.32.26) allows authenticated low-privilege users with the e2pdf_templates capability to overwrite arbitrary WordPress options and elevate themselves to administrator. The flaw stems from the screen_action() function lacking a capability check and nonce verification, letting attackers pass attacker-controlled option names and values directly to update_option(). No public exploit identified at time of analysis, but the issue was disclosed by Wordfence with detailed source-line references making weaponization straightforward.