WordPress Plugin Vulnerabilities
E2Pdf < 1.16.45 - Admin+ Stored Cross-Site Scripting (XSS)
Description
The plugin does not sanitise and escape some of its settings, which could allow high privilege users to perform Cross-Site Scripting attacks even when the unfiltered_html capability is disallowed
Proof of Concept
Refer to https://mikadmin.fr/tech/XSS-Stored-E2Pdf-798ef69b0e13c36acf5446358d57c965Dx90666bNvCw98.pdf
Affects Plugins
References
Classification
Type
XSS
OWASP top 10
CWE
CVSS
Miscellaneous
Original Researcher
Mika
Submitter
Mika
Submitter website
Submitter twitter
Verified
Yes
WPVDB ID
Timeline
Publicly Published
2022-02-09 (about 2 years ago)
Added
2022-02-09 (about 2 years ago)
Last Updated
2022-04-08 (about 2 years ago)