[{"data":1,"prerenderedAt":-1},["ShallowReactive",2],{"$fY9G5FMOgNB3sG7yxUrTngHZ6e910OvmCt4_B5deyV4E":3},{"id":4,"url_slug":5,"title":6,"description":7,"plugin_slug":8,"theme_slug":9,"affected_versions":10,"patched_in_version":11,"severity":12,"cvss_score":13,"cvss_vector":14,"vuln_type":15,"published_date":16,"updated_date":17,"references":18,"days_to_patch":20,"patch_diff_files":21,"patch_trac_url":9,"research_status":30,"research_verified":31,"research_rounds_completed":32,"research_plan":33,"research_summary":34,"research_vulnerable_code":35,"research_fix_diff":36,"research_exploit_outline":37,"research_model_used":38,"research_started_at":39,"research_completed_at":40,"research_error":9,"poc_status":9,"poc_video_id":9,"poc_summary":9,"poc_steps":9,"poc_tested_at":9,"poc_wp_version":9,"poc_php_version":9,"poc_playwright_script":9,"poc_exploit_code":9,"poc_has_trace":31,"poc_model_used":9,"poc_verification_depth":9,"poc_exploit_code_gated":31,"source_links":41},"CVE-2026-42681","e2pdf-export-pdf-tool-for-wordpress-reflected-cross-site-scripting","E2Pdf – Export Pdf Tool for WordPress \u003C= 1.32.14 - Reflected Cross-Site Scripting","The E2Pdf – Export Pdf Tool for WordPress plugin for WordPress is vulnerable to Reflected Cross-Site Scripting in versions up to, and including, 1.32.14 due to insufficient input sanitization and output escaping. This makes it possible for unauthenticated attackers to inject arbitrary web scripts in pages that execute if they can successfully trick a user into performing an action such as clicking on a link.","e2pdf",null,"\u003C=1.32.14","1.32.15","medium",6.1,"CVSS:3.1\u002FAV:N\u002FAC:L\u002FPR:N\u002FUI:R\u002FS:C\u002FC:L\u002FI:L\u002FA:N","Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')","2026-05-18 00:00:00","2026-05-26 19:33:23",[19],"https:\u002F\u002Fwww.wordfence.com\u002Fthreat-intel\u002Fvulnerabilities\u002Fid\u002Fd7ebf70c-8b63-4918-a262-1c95a06882c3?source=api-prod",9,[22,23,24,25,26,27,28,29],"classes\u002Fcontroller\u002Fe2pdf-templates.php","classes\u002Fextension\u002Fe2pdf-caldera.php","classes\u002Fextension\u002Fe2pdf-divi.php","classes\u002Fextension\u002Fe2pdf-elementor.php","classes\u002Fextension\u002Fe2pdf-everest.php","classes\u002Fextension\u002Fe2pdf-fluent.php","classes\u002Fextension\u002Fe2pdf-formidable.php","classes\u002Fextension\u002Fe2pdf-forminator.php","researched",false,3,"# Exploitation Research Plan - CVE-2026-42681 (E2Pdf Reflected XSS)\n\n## 1. Vulnerability Summary\nThe **E2Pdf – Export Pdf Tool for WordPress** plugin (versions \u003C= 1.32.14) is vulnerable to **Reflected Cross-Site Scripting (XSS)**. The vulnerability exists because the plugin fails to properly sanitize and escape user-supplied input before reflecting it back onto the page. Specifically, parameters used in the administration dashboard (such as `s` for search or `status` in the templates list) are reflected in the response. Since the plugin is designed to handle unauthenticated \"View\" or \"Download\" requests in some configurations, and admin pages reflect these parameters, an attacker can craft a malicious URL to execute arbitrary JavaScript in the context of a victim's browser (typically an administrator).\n\n## 2. Attack Vector Analysis\n- **Endpoint**: `wp-admin\u002Fadmin.php`\n- **Page**: `e2pdf-templates` (and potentially `e2pdf-settings` or `e2pdf-export`)\n- **Vulnerable Parameters**: `s` (Search), `status`, `orderby`, `order`.\n- **Authentication**: **Unauthenticated** (Attacker), **Administrator** (Victim).\n- **Preconditions**: An administrator must be logged in and must click a malicious link generated by the attacker.\n- **Payload Type**: Reflected XSS via GET parameter.\n\n## 3. Code Flow\nThe vulnerability originates","The E2Pdf plugin for WordPress is vulnerable to Reflected Cross-Site Scripting (XSS) in versions up to 1.32.14. This vulnerability exists because the plugin fails to properly sanitize and escape administrative parameters such as 's', 'status', 'orderby', and 'order' before reflecting them in the administration dashboard, allowing attackers to execute arbitrary JavaScript in the context of an administrator's browser session.","\u002F* classes\u002Fcontroller\u002Fe2pdf-templates.php line 33 *\u002F\nif ($this->post->get('s')) {\n    $location = $this->helper->get_url(\n            array(\n                'page' => 'e2pdf-templates',\n                'status' => $this->get->get('status'),\n                'orderby' => $this->get->get('orderby'),\n                'order' => $this->get->get('order'),\n                's' => $this->post->get('s'),\n            )\n    );\n} else {\n    $location = $this->helper->get_url(\n            array(\n                'page' => 'e2pdf-templates',\n                'status' => $this->get->get('status'),\n                'orderby' => $this->get->get('orderby'),\n                'order' => $this->get->get('order'),\n            )\n    );\n}","diff -ru \u002Fhome\u002Fdeploy\u002Fwp-safety.org\u002Fdata\u002Fplugin-versions\u002Fe2pdf\u002F1.32.11\u002Fclasses\u002Fcontroller\u002Fe2pdf-templates.php \u002Fhome\u002Fdeploy\u002Fwp-safety.org\u002Fdata\u002Fplugin-versions\u002Fe2pdf\u002F1.32.15\u002Fclasses\u002Fcontroller\u002Fe2pdf-templates.php\n--- \u002Fhome\u002Fdeploy\u002Fwp-safety.org\u002Fdata\u002Fplugin-versions\u002Fe2pdf\u002F1.32.11\u002Fclasses\u002Fcontroller\u002Fe2pdf-templates.php\t2026-04-01 11:18:20.000000000 +0000\n+++ \u002Fhome\u002Fdeploy\u002Fwp-safety.org\u002Fdata\u002Fplugin-versions\u002Fe2pdf\u002F1.32.15\u002Fclasses\u002Fcontroller\u002Fe2pdf-templates.php\t2026-04-22 12:52:22.000000000 +0000\n@@ -1324,21 +1324,21 @@\n                 if ($extension->method('merged_items')) {\n                     $select = new stdClass();\n                     $select->id = '-2';\n-                    $select->url = 'javascript:void(0);';\n+                    $select->url = '';\n                     $select->name = __('Merged Connections', 'e2pdf');\n                     array_unshift($content, $select);\n                 }\n                 if ($extension->method('auto_form')) {\n                     $select = new stdClass();\n                     $select->id = '-1';\n-                    $select->url = 'javascript:void(0);';\n+                    $select->url = '';\n                     $select->name = __('Auto Form from PDF', 'e2pdf');\n                     array_unshift($content, $select);\n                 }\n             }\n             $select = new stdClass();\n             $select->id = '';\n-            $select->url = 'javascript:void(0);';\n+            $select->url = '';\n             $select->name = __('--- Select ---', 'e2pdf');\n             array_unshift($content, $select);\n             $response = array(","To exploit this vulnerability, an attacker identifies the 'e2pdf-templates' admin page at 'wp-admin\u002Fadmin.php?page=e2pdf-templates'. A malicious URL is crafted by appending a JavaScript payload to one of the vulnerable parameters, for example: 'wp-admin\u002Fadmin.php?page=e2pdf-templates&s=\">\u003Cscript>alert(origin)\u003C\u002Fscript>'. The attacker then social engineers an authenticated administrator into clicking the link. When the page loads, the plugin reflects the malicious input in the administrative interface without proper output escaping, leading to the execution of the injected script in the context of the administrator's session.","gemini-3-flash-preview","2026-06-04 22:54:27","2026-06-04 22:56:15",{"type":42,"vulnerable_version":43,"fixed_version":11,"vulnerable_browse":44,"vulnerable_zip":45,"fixed_browse":46,"fixed_zip":47,"all_tags":48},"plugin","1.32.11","https:\u002F\u002Fplugins.trac.wordpress.org\u002Fbrowser\u002Fe2pdf\u002Ftags\u002F1.32.11","https:\u002F\u002Fdownloads.wordpress.org\u002Fplugin\u002Fe2pdf.1.32.11.zip","https:\u002F\u002Fplugins.trac.wordpress.org\u002Fbrowser\u002Fe2pdf\u002Ftags\u002F1.32.15","https:\u002F\u002Fdownloads.wordpress.org\u002Fplugin\u002Fe2pdf.1.32.15.zip","https:\u002F\u002Fplugins.trac.wordpress.org\u002Fbrowser\u002Fe2pdf\u002Ftags"]