
Live Vulnerability Intelligence

Threat Database

Search CVEs, inspect descriptions, and open detail pages with AI-assisted technical context.

Total: 7 | Critical: 0 | High: 3 | Medium: 4

Showing 1-7 of 7 records
Threat Entry Updated 2026-06-18

CVE-2026-12407 - E2pdf Plugin

The E2Pdf – Export Pdf Tool for WordPress plugin for WordPress is vulnerable to Missing Authorization in versions up to, and including, 1.32.26. This is due to the screen_action() function lacking a dedicated capability check and nonce verification — when invoked via the ?action=screen routing path the controller's index_action() nonce gate is bypassed entirely — while reading an attacker-controlled option name and value from $_POST['wp_screen_options'] and passing them directly to update_option() with no allowlist, relying solely on the page-level e2pdf_templates capability which the plugin's own Permissions UI allows administrators to…

PLUGIN E2pdf

CVE-2026-12407

HIGH CVSS 8.8 2026-06-18
Threat Entry Updated 2026-06-17

CVE-2026-7650 - E2pdf Plugin

The E2Pdf – Export Pdf Tool for WordPress plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'id' attribute of the `e2pdf-download` shortcode in all versions up to, and including, 1.32.17. This is due to insufficient input sanitization and output escaping on the shortcode attribute. This makes it possible for authenticated attackers, with Contributor-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.

PLUGIN E2pdf

CVE-2026-7650

MEDIUM CVSS 6.4 2026-05-08
Threat Entry Updated 2024-11-21

CVE-2023-50849 - E2pdf Plugin

Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in E2Pdf.Com E2Pdf – Export To Pdf Tool for WordPress. This issue affects E2Pdf – Export To Pdf Tool for WordPress: from n/a through 1.20.23.

PLUGIN E2pdf

CVE-2023-50849

HIGH CVSS 7.6 2023-12-28
Threat Entry Updated 2024-11-21

CVE-2023-46154 - E2pdf Plugin

Deserialization of Untrusted Data vulnerability in E2Pdf.Com E2Pdf – Export To Pdf Tool for WordPress. This issue affects E2Pdf – Export To Pdf Tool for WordPress: from n/a through 1.20.18.

PLUGIN E2pdf

CVE-2023-46154

MEDIUM CVSS 6.6 2023-12-19
Threat Entry Updated 2024-11-21

CVE-2023-6826 - E2pdf Plugin

The E2Pdf plugin for WordPress is vulnerable to arbitrary file uploads due to insufficient file type validation on the 'import_action' function in versions up to, and including, 1.20.25. This makes it possible for authenticated attackers with a role that the administrator previously granted access to the plugin, to upload arbitrary files on the affected site's server which may make remote code execution possible.

PLUGIN E2pdf

CVE-2023-6826

HIGH CVSS 7.2 2023-12-15
Threat Entry Updated 2025-04-23

CVE-2023-5229 - E2pdf Plugin

The E2Pdf WordPress plugin before 1.20.20 does not sanitize and escape some of its settings, which could allow high privilege users to perform Cross-Site Scripting attacks even when the unfiltered_html capability is disallowed.

PLUGIN E2pdf

CVE-2023-5229

MEDIUM CVSS 4.8 2023-10-31
Threat Entry Updated 2024-11-21

CVE-2022-0535 - E2pdf Plugin

The E2Pdf WordPress plugin before 1.16.45 does not sanitise and escape some of its settings, which could allow high privilege users to perform Cross-Site Scripting attacks even when the unfiltered_html capability is disallowed.

PLUGIN E2pdf

CVE-2022-0535

MEDIUM CVSS 4.8 2022-03-07