CVE-2024-27962

Name of the Vulnerable Software and Affected Versions wp-mpdf versions 3.7.1 and earlier

Description The issue is related to Improper Neutralization of Input During Web Page Generation, also known as Cross-site Scripting, which allows Reflected XSS. This can be exploited by injecting malicious scripts into web pages.

Recommendations For wp-mpdf versions 3.7.1 and earlier, consider disabling the web page generation functionality until a patch is available. Restrict access to the affected module to minimize the risk of exploitation. Avoid using user-inputted data in the generation of web pages until the issue is resolved. At the moment, there is no information about a newer version that contains a fix for this vulnerability.