CVE-2023-46154 MEDIUM

CVE-2023-46154: WordPress e2pdf Plugin <= 1.20.18 is vulnerable to PHP Object Injection

Vendor E2Pdf.com
Product E2Pdf – Export To Pdf Tool for WordPress
Weakness CWE-502 · Unsafe deserialization
Published December 18, 2023
Last update April 28, 2026

CVSS base score

6.6/10
Attack vector Network
Attack complexity High
Privileges required High
User interaction None
Confidentiality High
Integrity High

CVSS vector

CVSS:3.1/AV:N/AC:H/PR:H/UI:N/S:U/C:H/I:H/A:H

What the vulnerability does

01Description

Deserialization of Untrusted Data vulnerability in E2Pdf.Com E2Pdf – Export To Pdf Tool for WordPress.This issue affects E2Pdf – Export To Pdf Tool for WordPress: from n/a through 1.20.18.

Key dates

02Disclosure timeline

December 18, 2023 CVE published
April 28, 2026 Record updated