WordPress e2pdf Plugin <= 1.20.18 is vulnerable to PHP Object Injection
CVE-2023-46154

6.6MEDIUM

Key Information:

Vendor: Wordpress
Status: E2Pdf – Export To Pdf Tool for WordPress
Vendor: CVE Published:; 19 December 2023

Summary

Deserialization of Untrusted Data vulnerability in E2Pdf.Com E2Pdf – Export To Pdf Tool for WordPress.This issue affects E2Pdf – Export To Pdf Tool for WordPress: from n/a through 1.20.18.

Affected Version(s)

E2Pdf – Export To Pdf Tool for WordPress <= 1.20.18

References

https://patchstack.com/database/vulnerability/e2pdf/wordp...

vdb-entry

CVSS V3.1

Score:

6.6

Severity:

MEDIUM

Confidentiality:

High

Integrity:

High

Availability:

High

Attack Vector:

Network

Attack Complexity:

High

Privileges Required:

High

User Interaction:

None

Scope:

Unchanged

Timeline

Vulnerability published
Dec 19, 2023
Vulnerability Reserved
Oct 17, 2023

Credit

trein (Patchstack Alliance)