Search

Find a vulnerability

Search criteria

    2 vulnerabilities found for PDF Generator for WordPress Elementor by redefiningtheweb

    CVE-2024-9935 (GCVE-0-2024-9935)

    Vulnerability from nvd – Published: 2024-11-16 03:20 – Updated: 2026-04-08 16:46
    VLAI
    Title
    PDF Generator Addon for Elementor Page Builder <= 2.0.0 - Unauthenticated Arbitrary File Download
    Summary
    The PDF Generator Addon for Elementor Page Builder plugin for WordPress is vulnerable to Path Traversal in all versions up to, and including, 2.0.0 via the rtw_pgaepb_dwnld_pdf() function. This makes it possible for unauthenticated attackers to read the contents of arbitrary files on the server, which can contain sensitive information. CVE-2025-24569 may be a duplicate of this issue.
    SSVC
    Exploitation: none Automatable: yes Technical Impact: partial
    CISA Coordinator (v2.0.3)
    CWE
    • CWE-22 - Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')
    Assigner
    Impacted products
    Vendor Product Version
    redefiningtheweb PDF Generator for WordPress Elementor Affected: 0 , ≤ 2.0.0 (semver)
    Create a notification for this product.
    redefiningtheweb pdf_generator_addon_for_elementor_page_builder Affected: 0 , ≤ 1.7.5 (custom)
        cpe:2.3:a:redefiningtheweb:pdf_generator_addon_for_elementor_page_builder:*:*:*:*:*:*:*:*
    Create a notification for this product.
    Credits
    Matthew Rollings
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "affected": [
              {
                "cpes": [
                  "cpe:2.3:a:redefiningtheweb:pdf_generator_addon_for_elementor_page_builder:*:*:*:*:*:*:*:*"
                ],
                "defaultStatus": "unknown",
                "product": "pdf_generator_addon_for_elementor_page_builder",
                "vendor": "redefiningtheweb",
                "versions": [
                  {
                    "lessThanOrEqual": "1.7.5",
                    "status": "affected",
                    "version": "0",
                    "versionType": "custom"
                  }
                ]
              }
            ],
            "metrics": [
              {
                "other": {
                  "content": {
                    "id": "CVE-2024-9935",
                    "options": [
                      {
                        "Exploitation": "none"
                      },
                      {
                        "Automatable": "yes"
                      },
                      {
                        "Technical Impact": "partial"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2024-11-18T15:42:43.697577Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2024-11-19T15:14:19.116Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          }
        ],
        "cna": {
          "affected": [
            {
              "defaultStatus": "unaffected",
              "product": "PDF Generator for WordPress Elementor",
              "vendor": "redefiningtheweb",
              "versions": [
                {
                  "lessThanOrEqual": "2.0.0",
                  "status": "affected",
                  "version": "0",
                  "versionType": "semver"
                }
              ]
            }
          ],
          "credits": [
            {
              "lang": "en",
              "type": "finder",
              "value": "Matthew Rollings"
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "value": "The PDF Generator Addon for Elementor Page Builder plugin for WordPress is vulnerable to Path Traversal in all versions up to, and including, 2.0.0 via the rtw_pgaepb_dwnld_pdf() function. This makes it possible for unauthenticated attackers to read the contents of arbitrary files on the server, which can contain sensitive information. CVE-2025-24569 may be a duplicate of this issue."
            }
          ],
          "metrics": [
            {
              "cvssV3_1": {
                "baseScore": 7.5,
                "baseSeverity": "HIGH",
                "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N",
                "version": "3.1"
              }
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-22",
                  "description": "CWE-22 Improper Limitation of a Pathname to a Restricted Directory (\u0027Path Traversal\u0027)",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2026-04-08T16:46:11.801Z",
            "orgId": "b15e7b5b-3da4-40ae-a43c-f7aa60e62599",
            "shortName": "Wordfence"
          },
          "references": [
            {
              "url": "https://www.wordfence.com/threat-intel/vulnerabilities/id/36daf2af-1db3-4b35-8849-480212660b2f?source=cve"
            },
            {
              "url": "https://plugins.trac.wordpress.org/browser/pdf-generator-addon-for-elementor-page-builder/trunk/public/class-pdf-generator-addon-for-elementor-page-builder-public.php#L133"
            },
            {
              "url": "https://plugins.trac.wordpress.org/changeset?sfp_email=\u0026sfph_mail=\u0026reponame=\u0026old=3197343%40pdf-generator-addon-for-elementor-page-builder\u0026new=3197343%40pdf-generator-addon-for-elementor-page-builder\u0026sfp_email=\u0026sfph_mail="
            }
          ],
          "timeline": [
            {
              "lang": "en",
              "time": "2024-11-15T15:00:29.000Z",
              "value": "Disclosed"
            }
          ],
          "title": "PDF Generator Addon for Elementor Page Builder \u003c= 2.0.0 - Unauthenticated Arbitrary File Download"
        }
      },
      "cveMetadata": {
        "assignerOrgId": "b15e7b5b-3da4-40ae-a43c-f7aa60e62599",
        "assignerShortName": "Wordfence",
        "cveId": "CVE-2024-9935",
        "datePublished": "2024-11-16T03:20:45.226Z",
        "dateReserved": "2024-10-14T13:28:12.183Z",
        "dateUpdated": "2026-04-08T16:46:11.801Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.2"
    }

    CVE-2024-9935 (GCVE-0-2024-9935)

    Vulnerability from cvelistv5 – Published: 2024-11-16 03:20 – Updated: 2026-04-08 16:46
    VLAI
    Title
    PDF Generator Addon for Elementor Page Builder <= 2.0.0 - Unauthenticated Arbitrary File Download
    Summary
    The PDF Generator Addon for Elementor Page Builder plugin for WordPress is vulnerable to Path Traversal in all versions up to, and including, 2.0.0 via the rtw_pgaepb_dwnld_pdf() function. This makes it possible for unauthenticated attackers to read the contents of arbitrary files on the server, which can contain sensitive information. CVE-2025-24569 may be a duplicate of this issue.
    SSVC
    Exploitation: none Automatable: yes Technical Impact: partial
    CISA Coordinator (v2.0.3)
    CWE
    • CWE-22 - Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')
    Assigner
    Impacted products
    Vendor Product Version
    redefiningtheweb PDF Generator for WordPress Elementor Affected: 0 , ≤ 2.0.0 (semver)
    Create a notification for this product.
    redefiningtheweb pdf_generator_addon_for_elementor_page_builder Affected: 0 , ≤ 1.7.5 (custom)
        cpe:2.3:a:redefiningtheweb:pdf_generator_addon_for_elementor_page_builder:*:*:*:*:*:*:*:*
    Create a notification for this product.
    Credits
    Matthew Rollings
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "affected": [
              {
                "cpes": [
                  "cpe:2.3:a:redefiningtheweb:pdf_generator_addon_for_elementor_page_builder:*:*:*:*:*:*:*:*"
                ],
                "defaultStatus": "unknown",
                "product": "pdf_generator_addon_for_elementor_page_builder",
                "vendor": "redefiningtheweb",
                "versions": [
                  {
                    "lessThanOrEqual": "1.7.5",
                    "status": "affected",
                    "version": "0",
                    "versionType": "custom"
                  }
                ]
              }
            ],
            "metrics": [
              {
                "other": {
                  "content": {
                    "id": "CVE-2024-9935",
                    "options": [
                      {
                        "Exploitation": "none"
                      },
                      {
                        "Automatable": "yes"
                      },
                      {
                        "Technical Impact": "partial"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2024-11-18T15:42:43.697577Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2024-11-19T15:14:19.116Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          }
        ],
        "cna": {
          "affected": [
            {
              "defaultStatus": "unaffected",
              "product": "PDF Generator for WordPress Elementor",
              "vendor": "redefiningtheweb",
              "versions": [
                {
                  "lessThanOrEqual": "2.0.0",
                  "status": "affected",
                  "version": "0",
                  "versionType": "semver"
                }
              ]
            }
          ],
          "credits": [
            {
              "lang": "en",
              "type": "finder",
              "value": "Matthew Rollings"
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "value": "The PDF Generator Addon for Elementor Page Builder plugin for WordPress is vulnerable to Path Traversal in all versions up to, and including, 2.0.0 via the rtw_pgaepb_dwnld_pdf() function. This makes it possible for unauthenticated attackers to read the contents of arbitrary files on the server, which can contain sensitive information. CVE-2025-24569 may be a duplicate of this issue."
            }
          ],
          "metrics": [
            {
              "cvssV3_1": {
                "baseScore": 7.5,
                "baseSeverity": "HIGH",
                "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N",
                "version": "3.1"
              }
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-22",
                  "description": "CWE-22 Improper Limitation of a Pathname to a Restricted Directory (\u0027Path Traversal\u0027)",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2026-04-08T16:46:11.801Z",
            "orgId": "b15e7b5b-3da4-40ae-a43c-f7aa60e62599",
            "shortName": "Wordfence"
          },
          "references": [
            {
              "url": "https://www.wordfence.com/threat-intel/vulnerabilities/id/36daf2af-1db3-4b35-8849-480212660b2f?source=cve"
            },
            {
              "url": "https://plugins.trac.wordpress.org/browser/pdf-generator-addon-for-elementor-page-builder/trunk/public/class-pdf-generator-addon-for-elementor-page-builder-public.php#L133"
            },
            {
              "url": "https://plugins.trac.wordpress.org/changeset?sfp_email=\u0026sfph_mail=\u0026reponame=\u0026old=3197343%40pdf-generator-addon-for-elementor-page-builder\u0026new=3197343%40pdf-generator-addon-for-elementor-page-builder\u0026sfp_email=\u0026sfph_mail="
            }
          ],
          "timeline": [
            {
              "lang": "en",
              "time": "2024-11-15T15:00:29.000Z",
              "value": "Disclosed"
            }
          ],
          "title": "PDF Generator Addon for Elementor Page Builder \u003c= 2.0.0 - Unauthenticated Arbitrary File Download"
        }
      },
      "cveMetadata": {
        "assignerOrgId": "b15e7b5b-3da4-40ae-a43c-f7aa60e62599",
        "assignerShortName": "Wordfence",
        "cveId": "CVE-2024-9935",
        "datePublished": "2024-11-16T03:20:45.226Z",
        "dateReserved": "2024-10-14T13:28:12.183Z",
        "dateUpdated": "2026-04-08T16:46:11.801Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.2"
    }