Reflected Cross-Site Scripting Vulnerability in PDFCrowd Plugin for WordPress

CVE-2026-0862

What is CVE-2026-0862?

The Save as PDF Plugin by PDFCrowd for WordPress suffers from a reflected cross-site scripting vulnerability due to inadequate input sanitization and output escaping in the 'options' parameter. This flaw enables attackers to execute arbitrary web scripts on pages viewed by users if they manipulate victims into clicking specially crafted links. Particularly risky under default settings where the PDFCrowd API key is left blank (demo mode), this vulnerability poses significant security concerns for WordPress sites running affected plugin versions up to and including 4.5.5.

Human OS v1.0:
Ageing Is an Unpatched Zero-Day Vulnerability.

Remediate biological technical debt. Prime Ageing uses 95% high-purity SIRT6 activation to maintain genomic integrity and bolster systemic resilience.

Deploy the Patch →

References