PT-2026-4617 · WordPress · Save As Pdf Plugin For Wordpress

Arkadiusz Hydzik

Publicado

2026-01-24

Atualizado

2026-01-25

CVE-2026-0862

CVSS v3.1

6.1

Média

Vetor

AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N

Name of the Vulnerable Software and Affected Versions Save as PDF Plugin for WordPress versions prior to 4.5.6

Description The Save as PDF Plugin for WordPress is susceptible to Reflected Cross-Site Scripting through the options parameter. Insufficient input sanitization and output escaping allow unauthenticated attackers to inject arbitrary web scripts into pages. Successful exploitation requires a user to perform an action, such as clicking a link. Exploitation is also dependent on the PDFCrowd API key being blank (demo mode, the default installation state) or known.

Recommendations Update the Save as PDF Plugin for WordPress to version 4.5.6 or later.

Correção

XSS

Encontrou algum problema na descrição? Tem algo a acrescentar? Fique à vontade para nos escrever 👾

dbugs@ptsecurity.com

Enumeração de Fraquezas

CWE-79

Identificadores relacionados

CVE-2026-0862

Produtos afetados

Save As Pdf Plugin For Wordpress

PT-2026-4617 · WordPress · Save As Pdf Plugin For Wordpress

CVE-2026-0862

Enumeração de Fraquezas

Identificadores relacionados

Produtos afetados

Referências · 6