Skip to main content

E2Pdf Export Pdf Tool For Wordpress

1 CVEs product

Monthly

CVE-2026-12407 HIGH This Week

Privilege escalation in the E2Pdf - Export Pdf Tool for WordPress plugin (versions ≤ 1.32.26) allows authenticated low-privilege users with the e2pdf_templates capability to overwrite arbitrary WordPress options and elevate themselves to administrator. The flaw stems from the screen_action() function lacking a capability check and nonce verification, letting attackers pass attacker-controlled option names and values directly to update_option(). No public exploit identified at time of analysis, but the issue was disclosed by Wordfence with detailed source-line references making weaponization straightforward.

Authentication Bypass WordPress E2Pdf Export Pdf Tool For Wordpress
NVD
CVSS 3.1
8.8
EPSS
0.4%
EPSS 0% CVSS 8.8
HIGH This Week

Privilege escalation in the E2Pdf - Export Pdf Tool for WordPress plugin (versions ≤ 1.32.26) allows authenticated low-privilege users with the e2pdf_templates capability to overwrite arbitrary WordPress options and elevate themselves to administrator. The flaw stems from the screen_action() function lacking a capability check and nonce verification, letting attackers pass attacker-controlled option names and values directly to update_option(). No public exploit identified at time of analysis, but the issue was disclosed by Wordfence with detailed source-line references making weaponization straightforward.

Authentication Bypass WordPress E2Pdf Export Pdf Tool For Wordpress
NVD

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy