1 results (0.021 seconds)
CVSS: 6.4EPSS: 0%CPEs: 1EXPL: 1
CVSS: 6.4EPSS: 0%CPEs: 1EXPL: 1CVE-2022-4321 – PDF Generator for WordPress < 1.1.2 - Reflected XSS
https://notcve.org/view.php?id=CVE-2022-4321
16 Jan 2023 — The PDF Generator for WordPress plugin before 1.1.2 includes a vendored dompdf example file which is susceptible to Reflected Cross-Site Scripting and could be used against high privilege users such as admin The PDF Generator for Wordpress plugin for WordPress is vulnerable to Reflected Cross-Site Scripting via vendored example files that employ various parameters (such as ‘city’) in versions up to, and including, 1.1.1 due to insufficient input sanitization and output escaping. This makes it possible for u... • https://wpscan.com/vulnerability/6ac1259c-86d9-428b-ba98-7f3d07910644 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •