CVE-2022-4321

Name of the Vulnerable Software and Affected Versions PDF Generator for WordPress plugin versions prior to 1.1.2

Description The issue is related to a Reflected Cross-Site Scripting susceptibility in a vendored dompdf example file included in the PDF Generator for WordPress plugin. This could be exploited against high-privilege users, such as administrators. The vulnerability is associated with the lack of protection measures for the web page structure, potentially allowing a remote attacker to conduct cross-site scripting attacks.

Recommendations For versions prior to 1.1.2, update to version 1.1.2 or later to resolve the issue. As a temporary workaround, consider restricting access to the dompdf example file to minimize the risk of exploitation.