HIGH
oleksandrz
CVE published 2026-06-18
CVE-2026-12407
The E2Pdf – Export Pdf Tool for WordPress plugin versions up to 1.32.26 is vulnerable to Missing Authorization. This vulnerability allows authenticated attackers with a custom role granted the e2pdf_templates capability to overwrite arbitrary WordPress options, potentially escalating privileges to administrator. The issue arises from the screen_action() function lacking a dedicated capability check and no [truncated]