WordPress Plugin Vulnerabilities

E2Pdf < 1.20.26 - Admin+ Arbitrary File Upload

Description

The plugin does not properly validate upload files via the import_action() function, allowing users having access to the plugin (by default admin) to upload arbitrary files

Affects Plugins

Plugin icon
e2pdf
Fixed in 1.20.26

References

CVE
CVE-2023-6826
URL
https://www.wordfence.com/threat-intel/vulnerabilities/id/03faec37-2cce-4e14-92f2-d941ab1b4ce9

Miscellaneous

Original Researcher
István Márton
Verified
No
WPVDB ID
ace148a6-e018-478a-a658-d5064d909864

Timeline

Publicly Published
2023-12-13 (about 2 years ago)
Added
2023-12-15 (about 2 years ago)
Last Updated
2023-12-15 (about 2 years ago)

Other

Published
Title
Published
2026-02-02
Title
OS DataHub Maps < 1.8.4 - Authenticated (Author+) Arbitrary File Upload
Published
2024-06-26
Title
Auto Featured Image <= 1.2 - Authenticated (Contributor+) Arbitrary File Upload
Published
2024-12-13
Title
Crafthemes Demo Import <= 3.3 - Authenticated (Admin+) Arbitrary File Upload in process_uploaded_files
Published
2024-10-15
Title
Cooked Pro < 1.8.0 - Unauthenticated Arbitrary File Upload
Published
2014-08-01
Title
wp-gpx-max version 1.1.21 - Arbitrary File Upload