Description
Missing Authorization vulnerability in E2Pdf e2pdf e2pdf allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects e2pdf: from n/a through <= 1.28.15.
Published: 2026-03-13
Score: 4.3 Medium
EPSS: < 1% Very Low
KEV: No
Impact: Unauthorized Access
Action: Apply Patch
AI Analysis

Impact

The vulnerability is a missing authorization flaw in the E2Pdf e2pdf WordPress plugin. The CVE description indicates that the flaw allows exploitation of incorrectly configured access control security levels, leading to unauthorized operations within the plugin's functionality. The weakness is identified as CWE-862 (Missing Authorization).

Affected Systems

All installations of the E2Pdf e2pdf WordPress plugin from the earliest released version through version 1.28.15 are impacted. This includes any site that has the plugin enabled regardless of WordPress user role or site size.

Risk and Exploitability

The CVSS score of 4.3 indicates moderate severity, while the EPSS score of less than 1% suggests a low likelihood of public exploitation at present. The vulnerability is not listed in CISA’s KEV catalog. Based on the description, it is inferred that the likely attack vector is a web-based request to the plugin’s endpoints, where an attacker could subvert access controls to perform unauthorized actions.

Generated by OpenCVE AI on March 19, 2026 at 17:05 UTC.

Remediation

No vendor fix or workaround currently provided.

OpenCVE Recommended Actions

  • Apply the latest E2Pdf e2pdf plugin update once available
  • Restrict access to the plugin’s functionality by limiting user roles or disabling the plugin for roles that do not require it
  • Monitor WordPress logs for anomalous access patterns related to PDF generation and retrieval
  • Regularly check the vendor’s website or official update channels for patches or advisories

Generated by OpenCVE AI on March 19, 2026 at 17:05 UTC.

Tracking

Sign in to view the affected projects.

Advisories

No advisories yet.

History

Mon, 16 Mar 2026 10:15:00 +0000

Type Values Removed Values Added
First Time appeared E2pdf
E2pdf e2pdf
Wordpress
Wordpress wordpress
Vendors & Products E2pdf
E2pdf e2pdf
Wordpress
Wordpress wordpress

Fri, 13 Mar 2026 19:15:00 +0000

Type Values Removed Values Added
Metrics cvssV3_1

{'score': 4.3, 'vector': 'CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:N'}

ssvc

{'options': {'Automatable': 'no', 'Exploitation': 'none', 'Technical Impact': 'partial'}, 'version': '2.0.3'}

Fri, 13 Mar 2026 12:00:00 +0000

Type Values Removed Values Added
Description Missing Authorization vulnerability in E2Pdf e2pdf e2pdf allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects e2pdf: from n/a through <= 1.28.15.
Title WordPress e2pdf plugin <= 1.28.15 - Broken Access Control vulnerability
Weaknesses CWE-862
References

Subscriptions

E2pdf E2pdf
Wordpress Wordpress
cve-icon MITRE

Status: PUBLISHED

Assigner: Patchstack

Published:

Updated: 2026-04-01T14:16:17.515Z

Reserved: 2026-03-12T11:11:35.694Z

Link: CVE-2026-32442

cve-icon Vulnrichment

Updated: 2026-03-13T18:53:31.160Z

cve-icon NVD

Status : Awaiting Analysis

Published: 2026-03-13T19:55:04.683

Modified: 2026-03-16T14:53:46.157

Link: CVE-2026-32442

cve-icon Redhat

No data.

cve-icon OpenCVE Enrichment

Updated: 2026-03-23T12:03:22Z

Weaknesses