Description
Missing Authorization vulnerability in WP Swings PDF Generator for WordPress pdf-generator-for-wp allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects PDF Generator for WordPress: from n/a through <= 1.5.4.
Published: 2025-09-09
Score: 5.3 Medium
EPSS: < 1% Very Low
KEV: No
Impact: n/a
Action: n/a
AI Analysis

Impact

WP Swings PDF Generator for WordPress contains a broken access control flaw that allows the generation of PDF documents without proper authentication. Based on the description, it is inferred that an attacker can request PDFs containing sensitive site or user information. The defect is identified as CWE‑862, indicating that the system fails to enforce appropriate permissions before processing the request.

Affected Systems

The vulnerability affects the WP Swings PDF Generator for WordPress plugin, specifically all releases from the initial version through and including 1.5.4. Users operating on these versions are potentially exposed to unauthorized PDF generation requests.

Risk and Exploitability

The CVSS score of 5.3 reflects a moderate severity, while the EPSS score of less than 1% indicates a low current exploitation probability. The flaw is not listed in the CISA KEV catalog, and based on the description, it is inferred that the vulnerability may be exploited via an unauthenticated HTTP request to the plugin’s PDF generation endpoint. The CVE description does not mention code execution or elevated privileges, and it is inferred that these are not part of the vulnerability.

Generated by OpenCVE AI on April 30, 2026 at 06:55 UTC.

Remediation

No vendor fix or workaround currently provided.

OpenCVE Recommended Actions

  • Update WP Swings PDF Generator for WordPress to a release newer than 1.5.4 once it is available.
  • If an update is not available, configure the plugin or use custom code to restrict the PDF generation endpoint so that it is accessible only to authenticated users with appropriate capabilities.
  • Apply web application firewall rules to block or rate‑limit repeated requests to the PDF generation URL to reduce the risk of automated exploitation.

Advisories
Source: EUVD
ID: EUVD-2025-27392
Title: Missing Authorization vulnerability in WP Swings PDF Generator for WordPress allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects PDF Generator for WordPress: from n/a through 1.5.4.
History

Thu, 23 Apr 2026 15:00:00 +0000

Type Values Removed Values Added
Metrics cvssV3_1

{'score': 5.3, 'vector': 'CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N'}


Wed, 01 Apr 2026 23:45:00 +0000

Type Values Removed Values Added
Description
  Removed: Missing Authorization vulnerability in WP Swings PDF Generator for WordPress allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects PDF Generator for WordPress: from n/a through 1.5.4.
  Added: Missing Authorization vulnerability in WP Swings PDF Generator for WordPress pdf-generator-for-wp allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects PDF Generator for WordPress: from n/a through <= 1.5.4.
References
Metrics cvssV3_1

{'score': 5.3, 'vector': 'CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N'}


Wed, 10 Sep 2025 09:15:00 +0000

Type Values Removed Values Added
Metrics ssvc

{'options': {'Automatable': 'yes', 'Exploitation': 'none', 'Technical Impact': 'partial'}, 'version': '2.0.3'}


Tue, 09 Sep 2025 21:45:00 +0000

Type Values Removed Values Added
First Time appeared Wordpress
Wordpress wordpress
Wpswings
Wpswings pdf Generator For Wordpress
Vendors & Products Wordpress
Wordpress wordpress
Wpswings
Wpswings pdf Generator For Wordpress

Tue, 09 Sep 2025 16:45:00 +0000

Type Values Removed Values Added
Description Missing Authorization vulnerability in WP Swings PDF Generator for WordPress allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects PDF Generator for WordPress: from n/a through 1.5.4.
Title WordPress PDF Generator for WordPress Plugin <= 1.5.4 - Broken Access Control Vulnerability
Weaknesses CWE-862
References
Metrics cvssV3_1

{'score': 5.3, 'vector': 'CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N'}


MITRE

Status: PUBLISHED

Assigner: Patchstack

Published:

Updated: 2026-04-28T16:13:50.900Z

Reserved: 2025-09-06T04:45:16.549Z

Link: CVE-2025-58978

Vulnrichment

Updated: 2025-09-09T17:32:04.472Z

NVD

Status: Deferred

Published: 2025-09-09T17:16:11.757

Modified: 2026-04-23T15:33:58.970

Link: CVE-2025-58978

Redhat

No data.

OpenCVE Enrichment

Updated: 2026-04-30T07:00:13Z
