Vulnerabilities: 2

  • Resolved auso79

    (@auso79)


    1 month, 1 week ago

    Hi,

    The plugin will be updated with a more up-to-date version of PDF.JS because the current version 2.2.228 is vulnerable.

    The following CVE(s) affect this library version:

    ? CVE-2024-4367

    ? CVE-2024-34342

    Thanks!

Viewing 1 replies (of 1 total)
  • Plugin Author Slava Abakumov

    (@slaffik)

    Hello there,

    Thank you for the provided information. We would appreciate the responsible disclosure though through our site: https://wp-pdf.com/contact/

    Anyway, the CVE-2024-4367 is not applicable because the mitigation was put in place by disabling the font-rendering bug that resulted in the vulnerability. This has been addressed in v4.8.0 and confirmed as fixed by security researchers.

    And CVE-2024-34342 is not applicable at all because it’s about the react-pdf library that our plugin does not have and does not use in its codebase and/or functionality.

Viewing 1 replies (of 1 total)
  • You must be logged in to reply to this topic.