CVE-2026-12407: CWE-862 Missing Authorization in oleksandrz E2Pdf – Export Pdf Tool for WordPress
The E2Pdf – Export Pdf Tool for WordPress plugin suffers from a missing authorization vulnerability in versions up to and including 1.32.26. The vulnerability arises because the screen_action() function lacks proper capability checks and nonce verification, allowing an attacker with a custom role granted the e2pdf_templates capability to overwrite arbitrary WordPress options. This can lead to privilege escalation to administrator by modifying sensitive options such as default_role.
AI Analysis
Technical Summary
CVE-2026-12407 is a missing authorization vulnerability (CWE-862) in the E2Pdf – Export Pdf Tool for WordPress plugin. The issue occurs because the screen_action() function does not perform a dedicated capability check or nonce verification, bypassing the nonce gate in index_action(). It reads attacker-controlled data from $_POST['wp_screen_options'] and passes it directly to update_option() without an allowlist. The plugin's permissions UI allows administrators to grant the e2pdf_templates capability to any role, including low-privilege roles like Subscriber or Contributor. An authenticated attacker with such a role can exploit this to overwrite critical WordPress options, such as default_role, thereby escalating privileges to administrator.
Potential Impact
An authenticated user with a role granted the e2pdf_templates capability can overwrite arbitrary WordPress options, including default_role, enabling privilege escalation to administrator. This compromises the confidentiality, integrity, and availability of the WordPress site, as the attacker gains full administrative control.
Mitigation Recommendations
Patch status is not yet confirmed — check the vendor advisory for current remediation guidance. Until a fix is available, restrict the assignment of the e2pdf_templates capability to trusted roles only and avoid granting it to low-privilege roles such as Subscriber, Contributor, Author, or Editor. Monitor for updates from the plugin vendor and apply official patches once released.
CVE-2026-12407: CWE-862 Missing Authorization in oleksandrz E2Pdf – Export Pdf Tool for WordPress
Description
The E2Pdf – Export Pdf Tool for WordPress plugin suffers from a missing authorization vulnerability in versions up to and including 1.32.26. The vulnerability arises because the screen_action() function lacks proper capability checks and nonce verification, allowing an attacker with a custom role granted the e2pdf_templates capability to overwrite arbitrary WordPress options. This can lead to privilege escalation to administrator by modifying sensitive options such as default_role.
CVSS v3.1
Score 8.8high
Weaknesses
AI-Powered Analysis
Machine-generated threat intelligence
Technical Analysis
CVE-2026-12407 is a missing authorization vulnerability (CWE-862) in the E2Pdf – Export Pdf Tool for WordPress plugin. The issue occurs because the screen_action() function does not perform a dedicated capability check or nonce verification, bypassing the nonce gate in index_action(). It reads attacker-controlled data from $_POST['wp_screen_options'] and passes it directly to update_option() without an allowlist. The plugin's permissions UI allows administrators to grant the e2pdf_templates capability to any role, including low-privilege roles like Subscriber or Contributor. An authenticated attacker with such a role can exploit this to overwrite critical WordPress options, such as default_role, thereby escalating privileges to administrator.
Potential Impact
An authenticated user with a role granted the e2pdf_templates capability can overwrite arbitrary WordPress options, including default_role, enabling privilege escalation to administrator. This compromises the confidentiality, integrity, and availability of the WordPress site, as the attacker gains full administrative control.
Mitigation Recommendations
Patch status is not yet confirmed — check the vendor advisory for current remediation guidance. Until a fix is available, restrict the assignment of the e2pdf_templates capability to trusted roles only and avoid granting it to low-privilege roles such as Subscriber, Contributor, Author, or Editor. Monitor for updates from the plugin vendor and apply official patches once released.
Technical Details
- Data Version
- 5.2
- Assigner Short Name
- Wordfence
- Date Reserved
- 2026-06-16T14:20:41.938Z
- Cvss Version
- 3.1
- State
- PUBLISHED
- Remediation Level
- null
Threat ID: 6a337200f198dc38c11589d2
Added to database: 6/18/2026, 4:20:16 AM
Last enriched: 6/18/2026, 4:35:00 AM
Last updated: 6/18/2026, 5:39:47 AM
Views: 4
Community Reviews
0 reviewsCrowdsource mitigation strategies, share intel context, and vote on the most helpful responses. Sign in to add your voice and help keep defenders ahead.
Want to contribute mitigation steps or threat intel context? Sign in or create an account to join the community discussion.
Actions
Updates to AI analysis require Pro Console access. Upgrade inside Console → Billing.
Need more coverage?
Upgrade to Pro Console for AI refresh and higher limits.
For incident response and remediation, OffSeq services can help resolve threats faster.
Latest Threats
Check if your credentials are on the dark web
Instant breach scanning across billions of leaked records. Free tier available.