Vulmon
Recent Vulnerabilities
Research Posts
Trends
Blog
About
Contact
Vulmon Alerts
By Relevance
By Risk Score
By Publish Date
mpdf vulnerabilities and exploits
(subscribe to this query)
NA
CVE-2024-27962
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Florian 'fkrauthan' Krauthan allows Reflected XSS.This issue affects wp-mpdf: from n/a up to and including 3.7.1.
6.1
CVSSv3
CVE-2022-45448
M4 PDF plugin for Prestashop sites, in its 3.2.3 version and before, is vulnerable to an arbitrary HTML Document crafting vulnerability. The resource /m4pdf/pdf.php uses templates to dynamically create documents. In the case that the template does not exist, the application will ...
Prestashop M4 Pdf
4.3
CVSSv3
CVE-2021-4416
The wp-mpdf plugin for WordPress is vulnerable to Cross-Site Request Forgery in versions up to, and including, 3.5.1. This is due to missing or incorrect nonce validation on the mpdf_admin_savepost() function. This makes it possible for unauthenticated malicious users to save pos...
Wp-mpdf Project Wp-mpdf
8.8
CVSSv3
CVE-2019-1000005
mPDF version 7.1.7 and previous versions contains a CWE-502: Deserialization of Untrusted Data vulnerability in getImage() method of Image/ImageProcessor class that can result in Arbitry code execution, file write, etc.. This attack appears to be exploitable via attacker must hos...
Mpdf Project Mpdf
10
CVSSv3
CVE-2018-19047
mPDF up to and including 7.1.6, if deployed as a web application that accepts arbitrary HTML, allows SSRF, as demonstrated by a '<img src="http://192.168' substring that triggers a call to getImage in Image/ImageProcessor.php. NOTE: the software maintainer dispu...
Mpdf Project Mpdf
NA
CVE-2011-5219
Directory traversal vulnerability in examples/show_code.php in mPDF 5.3 and previous versions allows remote malicious users to read arbitrary files via a .. (dot dot) in the filename parameter.
Mpdf1 Mpdf
Mpdf1 Mpdf 5.2
1 EDB exploit
CVSSv3
CVSSv2
CVSSv3
VMScore
Recommendations:
CVE-2024-4040
privilege escalation
CVE-2024-4112
CVE-2024-32872
man-in-the-middle
CVE-2024-32788
bypass
CVE-2024-3400
CVE-2024-28976
Vulnerability Notification Service
You don’t have to wait for vulnerability scanning results
Get Started