The Print, PDF, Email by PrintFriendly plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'content_position_css' parameter in all versions up to, and including, 5.5.10 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with administrator-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.
Metrics
Affected Vendors & Products
References
History
Sat, 11 Jul 2026 06:30:00 +0000
| Type | Values Removed | Values Added |
|---|---|---|
| First Time appeared |
Printfriendly
Printfriendly print\, Pdf\, Email By Printfriendly Wordpress Wordpress wordpress |
|
| Vendors & Products |
Printfriendly
Printfriendly print\, Pdf\, Email By Printfriendly Wordpress Wordpress wordpress |
Sat, 11 Jul 2026 04:45:00 +0000
| Type | Values Removed | Values Added |
|---|---|---|
| Description | The Print, PDF, Email by PrintFriendly plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'content_position_css' parameter in all versions up to, and including, 5.5.10 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with administrator-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page. | |
| Title | Print, PDF, Email by PrintFriendly <= 5.5.10 - Authenticated (Administrator+) Stored Cross-Site Scripting via 'content_position_css' Parameter | |
| Weaknesses | CWE-79 | |
| References |
|
|
| Metrics |
cvssV3_1
|
Status: PUBLISHED
Assigner: Wordfence
Published:
Updated: 2026-07-11T03:44:22.090Z
Reserved: 2026-05-27T17:30:12.106Z
Link: CVE-2026-9738
No data.
No data.
No data.
OpenCVE Enrichment
Updated: 2026-07-11T06:15:02Z