WordPress Plugin Vulnerabilities

WP PDF Generator < 1.2.3 - Cross-Site Request Forgery

Description

Cross-Site Request Forgery (CSRF) vulnerability in wpexperts.Io WP PDF Generator plugin <= 1.2.2 versions.

Affects Plugins

Plugin icon
wp-pdf-generator
Fixed in 1.2.3

References

CVE
CVE-2023-35038

Classification

Type
CSRF
OWASP top 10
A2: Broken Authentication and Session Management
CWE
CWE-352
CVSS
5.4 (medium)

Miscellaneous

Original Researcher
Mika
Verified
No
WPVDB ID
64a55528-feb4-4a68-adeb-0cd3e28576c9

Timeline

Publicly Published
2023-07-17 (about 2 years ago)
Added
2023-07-17 (about 2 years ago)
Last Updated
2023-07-17 (about 2 years ago)

Other

Published
Title
Published
2025-09-22
Title
Double the Donation < 3.0.0 - Cross-Site Request Forgery
Published
2022-09-23
Title
SEO Redirection < 9.1 - 404 Error & History Deletion via CSRF
Published
2024-12-12
Title
WP Controller <= 3.2.0 - Cross-Site Request Forgery to Stored Cross-Site Scripting
Published
2025-05-16
Title
Spare <= 1.7 - Cross-Site Request Forgery
Published
2026-01-13
Title
Stopwords for comments <= 1.1 - Missing Authorization to Cross-Site Request Forgery