| CVE-2024-1334 | ImageRecycle pdf & image compression <= 3.1.13 - Cross-Site Request Forgery to Settings Update in enableOptimization | imagerecycle | ImageRecycle pdf & image compression | Medium | 4.3 | 2024-02-20 18:56:18 | Deep Dive |
| CVE-2024-1648 | electron-pdf 20.0.0 - Local File Read via Server Side XSS | electron-pdf | electron-pdf | High | 7.5 | 2024-02-20 00:01:51 | Deep Dive |
| CVE-2023-6953 | PDF Generator For Fluent Forms <= 1.1.7 - Cross-Site Scripting | wpmanageninja | Fluent PDF Generator | Medium | 4.9 | 2024-02-05 21:21:59 | Deep Dive |
| CVE-2024-0895 | PDF Flipbook, 3D Flipbook – DearFlip <= 2.2.26 - Authenticated (Contributor+) Stored Cross-Site Scripting | dearhive | Dear Flipbook – PDF Flipbook, 3D Flipbook, PDF embed, PDF viewer | Medium | 5.4 | 2024-02-03 05:38:32 | Deep Dive |
| CVE-2024-23505 | WordPress PDF Viewer & 3D PDF Flipbook – DearPDF Plugin <= 2.0.38 is vulnerable to Cross Site Scripting (XSS) | DearHive | PDF Viewer & 3D PDF Flipbook – DearPDF | Medium | 6.5 | 2024-01-31 15:23:42 | Deep Dive |
| CVE-2024-23508 | WordPress PDF Poster - PDF Embedder Plugin for WordPress Plugin <= 2.1.17 is vulnerable to Cross Site Scripting (XSS) | bPlugins | PDF Poster – PDF Embedder Plugin for WordPress | High | 7.1 | 2024-01-31 15:21:17 | Deep Dive |
| CVE-2024-22147 | WordPress WooCommerce PDF Invoices & Packing Slips Plugin <= 3.7.5 is vulnerable to SQL Injection | WP Overnight | PDF Invoices & Packing Slips for WooCommerce | High | 7.6 | 2024-01-26 23:15:03 | Deep Dive |
| CVE-2023-6776 | 3D Flipbook <= 1.15.2 - Authenticated (Contributor+) Cross-Site Scripting via Ready Function | iberezansky | 3D FlipBook – PDF Embedder, PDF Flipbook Viewer, Flipbook Image Gallery | Medium | 6.4 | 2024-01-11 08:32:35 | Deep Dive |
| CVE-2023-7068 | WooCommerce PDF Invoices, Packing Slips, Delivery Notes and Shipping Labels <= 4.3.0 - Missing Authorization to Order Export | webtoffee | WebToffee WooCommerce PDF Invoices, Packing Slips, Delivery Notes & Shipping Labels | Medium | 4.3 | 2024-01-03 08:29:48 | Deep Dive |
| CVE-2023-6986 | EmbedPress – Embed PDF, YouTube, Google Docs, Vimeo, Wistia Videos, Audios, Maps & Any Documents in Gutenberg & Elementor <= 3.9.5 - Authenticated (Contributor+) Stored Cross-Site Scripting via Shortcode | wpdevteam | EmbedPress – PDF Embedder, Embed YouTube Videos, 3D FlipBook, Social feeds, Docs & more | Medium | 6.4 | 2024-01-03 06:41:25 | Deep Dive |
| CVE-2023-50849 | WordPress e2pdf Plugin <= 1.20.23 is vulnerable to SQL Injection | E2Pdf.com | E2Pdf – Export To Pdf Tool for WordPress | High | 7.6 | 2023-12-28 11:34:41 | Deep Dive |
| CVE-2023-46154 | WordPress e2pdf Plugin <= 1.20.18 is vulnerable to PHP Object Injection | E2Pdf.com | E2Pdf – Export To Pdf Tool for WordPress | Medium | 6.6 | 2023-12-18 23:52:53 | Deep Dive |
| CVE-2023-6826 | E2Pdf <= 1.20.25 - Authenticated (Administrator+) Arbitrary File Upload | oleksandrz | E2Pdf – Export Pdf Tool for WordPress | High | 7.2 | 2023-12-15 07:30:41 | Deep Dive |
| CVE-2023-46250 | pypdf possible Infinite Loop when PdfWriter(clone_from) is used with a PDF | py-pdf | pypdf | Medium | 5.1 | 2023-10-31 15:23:33 | Deep Dive |
| CVE-2023-46076 | WordPress WooCommerce PDF Invoice Builder Plugin <= 1.2.102 is vulnerable to Cross Site Scripting (XSS) | RedNao | WooCommerce PDF Invoice Builder, Create invoices, packing slips and more | High | 7.1 | 2023-10-26 12:05:36 | Deep Dive |
| CVE-2023-5110 | BSK PDF Manager <= 3.4.1 - Authenticated (Contributor+) Stored Cross-Site Scripting via Shortcode | bannersky | BSK PDF Manager | Medium | 6.4 | 2023-10-24 13:53:00 | Deep Dive |
| CVE-2023-25032 | WordPress Print, PDF, Email by PrintFriendly Plugin <= 5.5.1 is vulnerable to Cross Site Scripting (XSS) | Print, PDF, & Email by PrintFriendly | Print, PDF, Email by PrintFriendly | Medium | 5.9 | 2023-10-24 11:37:05 | Deep Dive |
| CVE-2023-45646 | WordPress PDF Block Plugin <= 1.1.0 is vulnerable to Cross Site Scripting (XSS) | Henryholtgeerts | PDF Block | Medium | 6.5 | 2023-10-24 11:22:17 | Deep Dive |
| CVE-2023-40668 | WordPress Save as PDF plugin by Pdfcrowd Plugin <= 2.16.0 is vulnerable to Cross Site Scripting (XSS) | Pdfcrowd | Save as PDF plugin by Pdfcrowd | Medium | 5.9 | 2023-09-27 06:31:06 | Deep Dive |
| CVE-2022-45448 | Cross-site Scripting in M4 PDF plugin for Prestashop sites | Prestashop | M4 PDF plugin | Low | 3.5 | 2023-09-20 12:14:58 | Deep Dive |