WordPress Plugin Vulnerabilities

PDF & Print <= 2.0.2 - Unauthenticated Cross-Site-Scripting (XSS)

Description

The PDF & Print by BestWebSoft WordPress plugin was affected by an Unauthenticated Cross-Site-Scripting (XSS) security vulnerability.

Affects Plugins

Plugin icon
pdf-print
Fixed in 2.0.3

References

CVE
CVE-2018-20970
URL
https://packetstormsecurity.com/files/#149603/
URL
https://bestwebsoft.com/products/wordpress/plugins/pdf-print/
URL
https://www.syss.de/fileadmin/dokumente/Publikationen/Advisories/SYSS-2018-014.txt

Classification

Type
XSS
OWASP top 10
A7: Cross-Site Scripting (XSS)
CWE
CWE-79
CVSS
6.1 (medium)

Miscellaneous

Original Researcher
Robin Trost of SySS GmbH
Submitter
Ryan Dewhurst
Submitter twitter
ethicalhack3r
Verified
No
WPVDB ID
a0164102-feb8-4db5-a9ad-576f9b54241a

Timeline

Publicly Published
2018-09-30 (about 7 years ago)
Added
2018-10-02 (about 7 years ago)
Last Updated
2020-09-22 (about 5 years ago)

Other

Published
Title
Published
2025-12-16
Title
HTML Forms – Simple WordPress Forms Plugin < 1.6.1 - Unauthenticated Stored Cross-Site Scripting
Published
2021-09-20
Title
Html5 Audio Player < 2.1.3 - Contributor+ Stored Cross-Site Scripting
Published
2022-12-20
Title
WOOCS < 1.3.9.3 - Contributor+ Stored XSS
Published
2014-06-12
Title
WP Picasa Image <= 1.0 - XSS
Published
2014-06-12
Title
WP Tmkm Amazon < 1.5.3 - XSS