Cross-Site Scripting Vulnerability in E2Pdf Plugin for WordPress
CVE-2024-43318

5.4MEDIUM

Key Information:

Vendor: WordPress
Status: E2PDF
Vendor: CVE Published:; 18 August 2024

What is CVE-2024-43318?

The E2Pdf plugin for WordPress contains a vulnerability that arises from improper neutralization of user input during web page generation, allowing for stored Cross-Site Scripting (XSS) attacks. This flaw enables attackers to inject malicious scripts into web pages viewed by other users, potentially leading to unauthorized access or data theft. Affected versions include those up to 1.25.05. Website administrators are strongly advised to update to the latest version to mitigate the risk of exploitation.

References

https://patchstack.com/database/vulnerability/e2pdf/wordp...

CVSS V3.1

Score:

5.4

Severity:

MEDIUM

Confidentiality:

Low

Integrity:

Low

Availability:

Low

Attack Vector:

Network

Attack Complexity:

Low

Privileges Required:

Low

User Interaction:

Required

Scope:

Changed

Download the Critical Vulnerability Management Cheat Sheet

Timeline

Vulnerability published
Aug 18, 2024