PT-2026-3223 · WordPress · Dk Pdf – Wordpress Pdf Generator
Athiwat Tiprasaharn
+1
·
Published
2026-01-16
·
Updated
2026-01-16
·
CVE-2025-14793
CVSS v3.1
5.0
Medium
| Vector | AV:N/AC:L/PR:L/UI:N/S:C/C:L/I:N/A:N |
Name of the Vulnerable Software and Affected Versions
DK PDF – WordPress PDF Generator plugin versions prior to 2.3
Description
The DK PDF – WordPress PDF Generator plugin for WordPress is susceptible to Server-Side Request Forgery. This allows authenticated attackers with author-level access or higher to make web requests to arbitrary locations from the web application. Exploitation can lead to querying and modifying information from internal services via the
addContentToMpdf function.Recommendations
Update the DK PDF – WordPress PDF Generator plugin to version 2.3 or later.
As a temporary workaround, consider restricting access for users with author-level permissions or higher.
Fix
SSRF
Found an issue in the description? Have something to add? Feel free to write us 👾
Weakness Enumeration
Related Identifiers
Affected Products
Dk Pdf – Wordpress Pdf Generator