CVE-2025-59552
Unknown Unknown - Not Provided
BaseFortify

Publication date: 2025-09-22

Last updated on: 2026-04-23

Assigner: Patchstack

Description
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Pdfcrowd Dev Team Save as PDF save-as-pdf-by-pdfcrowd allows Stored XSS.This issue affects Save as PDF: from n/a through <= 4.5.2.
CVSS Scores
EPSS Scores
Probability:
Percentile:
Meta Information
Published
2025-09-22
Last Modified
2026-04-23
Generated
2026-05-27
AI Q&A
2025-09-22
EPSS Evaluated
2026-05-25
NVD
CVE-2025-59552
Affected Vendors & Products
Showing 2 associated CPEs
Vendor Product Version / Range
pdfcrowd save_as_pdf 4.5.2
pdfcrowd save_as_pdf 4.5.3
Helpful Resources
Exploitability
CWE
CWE Icon
KEV
KEV Icon
CWE ID Description
CWE-79 The product does not neutralize or incorrectly neutralizes user-controllable input before it is placed in output that is used as a web page that is served to other users.
Attack-Flow Graph
AI Powered Q&A
Can you explain this vulnerability to me?

CVE-2025-59552 is a Cross Site Scripting (XSS) vulnerability in the WordPress "Save as PDF" plugin up to version 4.5.2. It allows a malicious user with contributor-level access to inject malicious scripts such as redirects, advertisements, or other HTML payloads into the website. These scripts execute when visitors access the compromised site, potentially causing unauthorized actions or content manipulation. [1]


How can this vulnerability impact me? :

This vulnerability can impact you by allowing attackers to execute malicious scripts on your website, which can lead to unauthorized actions, content manipulation, or redirecting visitors to malicious sites. Although the severity is considered low, it can still compromise the integrity and user experience of your website. [1]


How can this vulnerability be detected on my network or system? Can you suggest some commands?

Detection involves checking if your WordPress site is running the Save as PDF plugin version 4.5.2 or earlier, as these versions are vulnerable. You can verify the plugin version via the WordPress admin dashboard or by inspecting the plugin files. Additionally, monitoring for unusual script injections or unexpected redirects in web pages generated by the plugin may indicate exploitation. Specific commands are not provided in the resources. [1]


What immediate steps should I take to mitigate this vulnerability?

Immediate mitigation steps include updating the Save as PDF plugin to version 4.5.3 or later, where the vulnerability is fixed. If updating is not immediately possible, applying virtual patching (vPatching) offered by Patchstack can provide automatic protection against this vulnerability until the official patch is applied. [1]


Ask Our AI Assistant
Need more information? Ask your question to get an AI reply (Powered by our expertise)
0/70
EPSS Chart