CVE-2022-0535: E2Pdf < 1.16.45 - Admin+ Stored Cross-Site Scripting (XSS)
First published: Mon Mar 07 2022(Updated: )
The E2Pdf WordPress plugin before 1.16.45 does not sanitise and escape some of its settings, which could allow high privilege users to perform Cross-Site Scripting attacks even when the unfiltered_html capability is disallowed
Credit: contact@wpscan.com
| Affected Software | Affected Version | How to fix |
|---|---|---|
| E2pdf | <1.16.45 |
Never miss a vulnerability like this again
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
Reference Links
Frequently Asked Questions
What is the vulnerability ID for this issue with the E2Pdf WordPress plugin?
The vulnerability ID for this issue with the E2Pdf WordPress plugin is CVE-2022-0535.
What is the severity level of CVE-2022-0535?
The severity level of CVE-2022-0535 is medium.
How does CVE-2022-0535 impact the E2Pdf WordPress plugin?
CVE-2022-0535 allows high privilege users to perform Cross-Site Scripting (XSS) attacks even when the unfiltered_html capability is disallowed.
What is the affected version of the E2Pdf WordPress plugin?
The affected version of the E2Pdf WordPress plugin is 1.16.45.
Are there any references or additional information about CVE-2022-0535?
Yes, you can find more information about CVE-2022-0535 at the following references: [1](https://plugins.trac.wordpress.org/changeset/2675049/e2pdf) and [2](https://wpscan.com/vulnerability/a4162e96-a3c5-4f38-a60b-aa3ed9508985).
- agent/references
- agent/type
- collector/mitre-cve
- source/MITRE
- agent/last-modified-date
- agent/title
- agent/weakness
- agent/author
- agent/remedy
- agent/severity
- agent/first-publish-date
- agent/event
- agent/description
- agent/source
- agent/tags
- collector/nvd-index
- agent/software-canonical-lookup-request
- agent/softwarecombine
- vendor/e2pdf
- canonical/e2pdf