CVE-2026-12407
HighCVSS 8.8Exploitation Probability (EPSS)
Low risk30th percentile — higher than 30% of all known CVEs
Summary
The E2Pdf – Export Pdf Tool for WordPress plugin is vulnerable to Missing Authorization in versions up to and including 1.32.26. The screen_action() function lacks a dedicated capability check and nonce verification, allowing attackers to overwrite WordPress options.
Risk Assessment
Authenticated attackers with the appropriate permissions can gain access to WordPress options, potentially escalating their privileges to administrator level. This poses a serious security threat to the entire site.
Recommendation
It is recommended to update the E2Pdf plugin to the latest version to mitigate this vulnerability. Additionally, access to the e2pdf_templates capability should be restricted to trusted roles only.
Original NVD description (English source)
The E2Pdf – Export Pdf Tool for WordPress plugin for WordPress is vulnerable to Missing Authorization in versions up to, and including, 1.32.26. This is due to the screen_action() function lacking a dedicated capability check and nonce verification — when invoked via the ?action=screen routing path the controller's index_action() nonce gate is bypassed entirely — while reading an attacker-controlled option name and value from $_POST['wp_screen_options'] and passing them directly to update_option() with no allowlist, relying solely on the page-level e2pdf_templates capability which the plugin's own Permissions UI allows administrators to grant to any role including Subscriber, Contributor, Author, or Editor. This makes it possible for authenticated attackers, with a custom role that has been granted the e2pdf_templates capability, to overwrite arbitrary WordPress options such as default_role and thereby escalate their privileges to administrator.

