Description
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in E2Pdf.Com e2pdf allows Reflected XSS.

This issue affects e2pdf: from n/a through 1.32.14.
Published: 2026-06-01
Score: 7.1 High
EPSS: n/a
KEV: No
Impact: n/a
Action: n/a
AI Analysis

Impact

The vulnerability is an improper neutralization of input during web page generation that allows a reflected cross‑site scripting attack on the WordPress e2pdf plugin. An attacker can craft a request or link that contains JavaScript, which will be executed in the browser of any user who follows the link or submits the input. The flaw enables execution of arbitrary client‑side code within the victim’s browser, which may be used for page manipulation or data exfiltration within the session. The vulnerability is classified as CWE‑79.

Affected Systems

The affected product is the WordPress e2pdf plugin from E2Pdf.com. All installations using version 1.32.14 or earlier are vulnerable. The plugin is distributed through the WordPress ecosystem and can typically be installed via the plugins screen in a WordPress site.

Risk and Exploitability

The CVSS score is 7.1, indicating a high severity level. EPSS is not available and the issue is not listed in the CISA KEV catalog, suggesting no known public exploits yet. The likely attack vector is web‑based, leveraging a reflected input in the URL or form data. Based on the description, it is inferred that exploitation requires a user to visit the crafted URL or interact with the plugin’s input field, making it a client‑side vulnerability that can be triggered by social engineering or phishing.

Generated by OpenCVE AI on June 1, 2026 at 17:20 UTC.

Remediation

Vendor Solution

Update the WordPress e2pdf Plugin to the latest available version (at least 1.32.15).


OpenCVE Recommended Actions

  • Update the e2pdf plugin to version 1.32.15 or later, which removes the reflected XSS flaw.
  • If the plugin is not essential, disable or uninstall it to eliminate the attack surface.
  • Implement or strengthen web‑application firewall rules that filter out malicious scripts or suspicious characters in user input for all WordPress plugins.

Advisories

No advisories yet.

History

Mon, 01 Jun 2026 17:30:00 +0000

Type | Values Removed | Values Added
Metrics | | ssvc: {'options': {'Automatable': 'no', 'Exploitation': 'none', 'Technical Impact': 'partial'}, 'version': '2.0.3'}


Mon, 01 Jun 2026 15:00:00 +0000

Type | Values Removed | Values Added
Description | | Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in E2Pdf.Com e2pdf allows Reflected XSS. This issue affects e2pdf: from n/a through 1.32.14.
Title | | WordPress e2pdf plugin <= 1.32.14 - Reflected Cross Site Scripting (XSS) vulnerability
Weaknesses | | CWE-79
References | |
Metrics | | cvssV3_1: {'score': 7.1, 'vector': 'CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:L'}


MITRE

Status: PUBLISHED

Assigner: Patchstack

Published:

Updated: 2026-06-01T16:18:08.230Z

Reserved: 2026-04-29T09:04:56.882Z

Link: CVE-2026-42681

Vulnrichment

Updated: 2026-06-01T16:18:02.391Z

NVD

Status: Deferred

Published: 2026-06-01T15:16:35.873

Modified: 2026-06-01T16:41:55.090

Link: CVE-2026-42681

Redhat

No data.

OpenCVE Enrichment

Updated: 2026-06-01T17:30:16Z
