Skip to main content

Print Pdf Email By Printfriendly

3 CVEs product

Monthly

CVE-2026-9738 MEDIUM This Month

Stored Cross-Site Scripting in the Print, PDF, Email by PrintFriendly WordPress plugin (versions through 5.5.10) allows authenticated administrators to inject persistent JavaScript via the 'content_position_css' parameter, which executes in the browsers of any user who visits an affected page. The scope change (S:C) in the CVSS vector confirms the injected script breaks out of the plugin's security context into victim browsers, enabling session hijacking, credential theft, or malicious redirects against site visitors. No public exploit code has been identified at time of analysis, and the vulnerability has not been added to the CISA KEV catalog.

WordPress XSS Print Pdf Email By Printfriendly
NVD VulDB
CVSS 3.1
4.4
EPSS
0.2%
CVE-2023-25032 MEDIUM This Month

Auth. Rated medium severity (CVSS 4.8), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

XSS Print Pdf Email By Printfriendly
NVD
CVSS 3.1
4.8
EPSS
0.4%
CVE-2022-0663 MEDIUM POC This Month

The Print, PDF, Email by PrintFriendly WordPress plugin before 5.2.3 does not sanitise and escape the Custom Button Text settings, which could allow high privilege users such as admin to perform. Rated medium severity (CVSS 4.8), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

XSS WordPress Print Pdf Email By Printfriendly
NVD WPScan
CVSS 3.1
4.8
EPSS
0.6%
EPSS 0% CVSS 4.4
MEDIUM This Month

Stored Cross-Site Scripting in the Print, PDF, Email by PrintFriendly WordPress plugin (versions through 5.5.10) allows authenticated administrators to inject persistent JavaScript via the 'content_position_css' parameter, which executes in the browsers of any user who visits an affected page. The scope change (S:C) in the CVSS vector confirms the injected script breaks out of the plugin's security context into victim browsers, enabling session hijacking, credential theft, or malicious redirects against site visitors. No public exploit code has been identified at time of analysis, and the vulnerability has not been added to the CISA KEV catalog.

WordPress XSS Print Pdf Email By Printfriendly
NVD VulDB
EPSS 0% CVSS 4.8
MEDIUM This Month

Auth. Rated medium severity (CVSS 4.8), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

XSS Print Pdf Email By Printfriendly
NVD
EPSS 1% CVSS 4.8
MEDIUM POC This Month

The Print, PDF, Email by PrintFriendly WordPress plugin before 5.2.3 does not sanitise and escape the Custom Button Text settings, which could allow high privilege users such as admin to perform. Rated medium severity (CVSS 4.8), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

XSS WordPress Print Pdf Email By Printfriendly
NVD WPScan

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy