What the vulnerability does
01Description
Server-Side Request Forgery (SSRF) vulnerability in WP Swings PDF Generator for WordPress pdf-generator-for-wp allows Server Side Request Forgery.This issue affects PDF Generator for WordPress: from n/a through <= 1.6.2.
Explanation of Vulnerability in Simple Terms
02Summary
The PDF Generator for WordPress plugin through version 1.6.2 contains a server-side request forgery vulnerability. An unauthenticated attacker can make the site send HTTP requests to internal or external systems on the attacker's behalf. This could expose internal services, retrieve sensitive data, or interact with backend systems the site has access to.
What an attacker can do
03Attacker Capabilities
Make the site send HTTP requests to internal or external systems without authorization.
Potential impact on your site
04Site Impact
Attackers can probe your internal network, access internal services, or retrieve data from systems your site can reach.
Conditions required to exploit
05Prerequisites
None. The vulnerability is accessible over the network without authentication or user interaction.
Key dates
06Disclosure timeline
July 13, 2026
CVE published