What the vulnerability does
Description
Cross-Site Request Forgery (CSRF) vulnerability in Alex Furr PDF Creator Lite (pdf-creator-lite) allows Stored XSS. This issue affects PDF Creator Lite: from n/a through <= 1.2.
CVSS base score
CVSS vector
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:L
Explanation of Vulnerability in Simple Terms
PDF Creator Lite versions 1.2 and earlier are vulnerable to cross-site request forgery (CSRF) attacks. An attacker can craft a malicious webpage that, when visited by a logged-in site administrator, performs unwanted actions within the plugin without the admin's knowledge or consent. The attack requires the victim to visit the attacker's page while authenticated to the WordPress site.
What an attacker can do
Perform unwanted actions in the plugin on behalf of a logged-in administrator without their knowledge.
Potential impact on your site
An attacker can modify plugin settings, create malicious PDFs, or alter site configuration if an admin visits a compromised page.
Conditions required to exploit
Administrator must be logged in and visit an attacker-controlled webpage while authenticated.
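A defensive pattern for the class of flaw described above, as an added example (not PDF Creator Lite's code, which this page does not show): a WordPress settings handler that verifies a nonce to reject forged requests, sanitizes on save and escapes on output so a stored value cannot run as script. All `example_pdf_*` names, the `footer_text` field and the `example-pdf` page slug are hypothetical.

```php
<?php
/**
 * Plugin Name: Example Settings Hardening (constructed example)
 * Hypothetical names throughout: example_pdf_*, the "footer_text" field.
 */

// Render the settings form. wp_nonce_field() embeds a per-user, per-action
// token that a page on another origin cannot read or predict.
function example_pdf_render_settings() {
    $footer = get_option( 'example_pdf_footer_text', '' );
    ?>
    <form method="post" action="<?php echo esc_url( admin_url( 'admin-post.php' ) ); ?>">
        <input type="hidden" name="action" value="example_pdf_save">
        <?php wp_nonce_field( 'example_pdf_save', 'example_pdf_nonce' ); ?>
        <!-- esc_attr() on output: a stored value cannot break out of the attribute -->
        <input type="text" name="footer_text" value="<?php echo esc_attr( $footer ); ?>">
        <?php submit_button(); ?>
    </form>
    <?php
}

// Save handler, reached via admin-post.php with action=example_pdf_save.
function example_pdf_save_settings() {
    // Authorisation: the session must belong to a user allowed to change settings.
    if ( ! current_user_can( 'manage_options' ) ) {
        wp_die( 'Forbidden', '', array( 'response' => 403 ) );
    }
    // CSRF check: dies unless the request carries a valid nonce for this action.
    // Without it, a forged cross-site POST sent by an admin's browser is accepted.
    check_admin_referer( 'example_pdf_save', 'example_pdf_nonce' );

    // Input handling: strip tags and control characters before storing.
    $raw    = isset( $_POST['footer_text'] ) ? wp_unslash( $_POST['footer_text'] ) : '';
    $footer = sanitize_text_field( $raw );
    update_option( 'example_pdf_footer_text', $footer );

    wp_safe_redirect( admin_url( 'options-general.php?page=example-pdf&updated=1' ) );
    exit;
}
add_action( 'admin_post_example_pdf_save', 'example_pdf_save_settings' );

// Register the settings page under Settings.
add_action( 'admin_menu', function () {
    add_options_page( 'Example PDF', 'Example PDF', 'manage_options',
        'example-pdf', 'example_pdf_render_settings' );
} );
```

The nonce check closes the forged-request path; sanitizing on save and escaping on output are independent layers, so a value stored before the fix still renders inertly.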