Pdf Poster
Monthly
Missing authorization controls in bPlugins PDF Poster WordPress plugin versions up to 2.4.1 allow unauthenticated remote attackers to read sensitive information by exploiting incorrectly configured access control. The vulnerability exposes limited confidential data without requiring authentication or user interaction, affecting all default installations of the affected plugin versions.
bPlugins PDF Poster through version 2.4.0 contains an authorization bypass vulnerability that allows authenticated users to modify or disrupt PDF operations due to improperly configured access controls. An attacker with valid credentials could exploit this flaw to manipulate data integrity or cause service disruption without proper authorization checks.
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in bPlugins PDF Poster - PDF Embedder Plugin for WordPress allows Reflected XSS.1.17. Rated high severity (CVSS 7.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.
Missing authorization controls in bPlugins PDF Poster WordPress plugin versions up to 2.4.1 allow unauthenticated remote attackers to read sensitive information by exploiting incorrectly configured access control. The vulnerability exposes limited confidential data without requiring authentication or user interaction, affecting all default installations of the affected plugin versions.
bPlugins PDF Poster through version 2.4.0 contains an authorization bypass vulnerability that allows authenticated users to modify or disrupt PDF operations due to improperly configured access controls. An attacker with valid credentials could exploit this flaw to manipulate data integrity or cause service disruption without proper authorization checks.
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in bPlugins PDF Poster - PDF Embedder Plugin for WordPress allows Reflected XSS.1.17. Rated high severity (CVSS 7.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.