← back
CVE-2025-32583

WordPress PDF 2 Post Plugin <= 2.4.0 - Remote Code Execution (RCE) vulnerability

CVSS 9.9 CRITICALEPSS 12.2%CWE-94
Improper Control of Generation of Code ('Code Injection') vulnerability in termel PDF 2 Post pdf2post allows Remote Code Inclusion.This issue affects PDF 2 Post: from n/a through <= 2.4.0.
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H
Affected products
termel · PDF 2 Post
public PoCs found2
githubgithub.com/Nxploited/CVE-2025-325832githubgithub.com/GadaLuBau1337/CVE-2025-325832
⚠ Public resources, to assess the exposure of systems you control or are authorized to test. Test only with authorization.

Want to know if your infrastructure is exposed to this?

Talk to TrueHacking →
References
https://patchstack.com/database/Wordpress/Plugin/pdf2post/vulnerability/wordpress-pdf-2-post-plugin-2-4-0-remote-code-execution-rce-vulnerability?_s_id=cve