Server-Side Request Forgery Vulnerability in DK PDF Plugin for WordPress
CVE-2025-14793

5MEDIUM

Key Information:

Vendor: WordPress
Status: Dk PDF – WordPress PDF Generator
Vendor: CVE Published:; 16 January 2026

What is CVE-2025-14793?

The DK PDF – WordPress PDF Generator plugin allows authenticated users, such as authors and above, to exploit a Server-Side Request Forgery (SSRF) vulnerability through the 'addContentToMpdf' function. This flaw enables attackers to send web requests to arbitrary locations, which can potentially lead to unauthorized queries and modifications of sensitive information from internal services. It is crucial for site administrators to secure their installations against this vulnerability to protect the integrity of their systems.

Affected Version(s)

DK PDF – WordPress PDF Generator 0 <= 2.3.0

References

https://www.wordfence.com/threat-intel/vulnerabilities/id...

https://plugins.trac.wordpress.org/browser/dk-pdf/trunk/m...

CVSS V3.1

Score:

Severity:

MEDIUM

Confidentiality:

Low

Integrity:

None

Availability:

Low

Attack Vector:

Network

Attack Complexity:

Low

Privileges Required:

Low

User Interaction:

None

Scope:

Changed

Download the Critical Vulnerability Management Cheat Sheet

Timeline

Vulnerability published
Jan 16, 2026
Vulnerability Reserved
Dec 16, 2025

Credit

Athiwat Tiprasaharn

Peerapat Samatathanyakorn

CVE-2025-14793 Data

JSON