Browse all 5 CVE security advisories affecting E2Pdf. AI-powered Chinese analysis, POCs, and references for each vulnerability.
E2Pdf primarily converts web content to PDF documents, serving as a web-to-PDF solution for businesses. Historically, it has been susceptible to multiple remote code execution vulnerabilities due to unsafe deserialization and improper input validation, along with cross-site scripting flaws through unsanitized output. The application has also faced privilege escalation issues where users could access restricted functions or data. Security researchers have identified at least five CVEs, with some allowing arbitrary code execution through crafted PDF requests. While no major public incidents have been widely reported, the consistent pattern of vulnerabilities suggests potential risks for organizations relying on the tool for document generation.
| CVE ID | Title | CVSS | Severity | Published |
|---|---|---|---|---|
| CVE-2026-32442 | WordPress e2pdf plugin <= 1.28.15 - Broken Access Control vulnerability — e2pdfCWE-862 | 5.0 | Medium | 2026-03-13 |
| CVE-2025-62068 | WordPress e2pdf plugin <= 1.28.09 - Cross Site Scripting (XSS) vulnerability — e2pdfCWE-79 | 6.5 | Medium | 2025-10-22 |
| CVE-2024-37415 | WordPress E2Pdf plugin <= 1.20.27 - Broken Access Control vulnerability — e2pdfCWE-862 | 5.4 | Medium | 2024-11-01 |
| CVE-2024-43318 | WordPress E2Pdf – Export To Pdf Tool for WordPress plugin <= 1.25.05 - Cross Site Scripting (XSS) vulnerability — e2pdfCWE-79 | 6.5 | Medium | 2024-08-18 |
| CVE-2024-31373 | WordPress E2Pdf plugin <= 1.20.27 - Cross Site Request Forgery (CSRF) vulnerability — e2pdfCWE-352 | 5.4 | Medium | 2024-04-15 |
This page lists every published CVE security advisory associated with E2Pdf. Each entry links to a detailed page with CVSS scoring, CWE classification, affected products and references. AI-generated Chinese analysis is provided for fast triage.