Nixpkgs Security Tracker

Login with GitHub

Suggestion detail

Untriaged

Permalink CVE-2024-31373

5.4 MEDIUM

CVSS version: 3.1
Attack vector (AV): NETWORK
Attack complexity (AC): LOW
Privileges required (PR): NONE
User interaction (UI): REQUIRED
Scope (S): UNCHANGED
Confidentiality impact (C): NONE
Integrity impact (I): LOW
Availability impact (A): LOW

created 6 months ago

WordPress E2Pdf plugin <= 1.20.27 - Cross Site Request Forgery (CSRF) vulnerability

Cross-Site Request Forgery (CSRF) vulnerability in E2Pdf.This issue affects e2pdf: from n/a through 1.20.27.

References

https://patchstack.com/database/vulnerability/e2pdf/wordpress-e2pdf-plugin-1-20… vdb-entry
https://patchstack.com/database/vulnerability/e2pdf/wordpress-e2pdf-plugin-1-20… vdb-entry
https://patchstack.com/database/vulnerability/e2pdf/wordpress-e2pdf-plugin-1-20… vdb-entry x_transferred
https://patchstack.com/database/vulnerability/e2pdf/wordpress-e2pdf-plugin-1-20… vdb-entry
https://patchstack.com/database/vulnerability/e2pdf/wordpress-e2pdf-plugin-1-20… vdb-entry x_transferred

Affected products

e2pdf

=<1.20.27

Matching in nixpkgs

pkgs.haskellPackages.line2pdf

Simple command-line utility to convert text into PDF

nixos-unstable -
- nixpkgs-unstable 0.0.7