CVE-2019-1000031

HIGH

article2pdf <0.28 - Info Disclosure

Title source: llm

Description

A disk space or quota exhaustion issue exists in article2pdf_getfile.php in the article2pdf Wordpress plugin 0.24, 0.25, 0.26, 0.27. Visiting PDF generation link but not following the redirect will leave behind a PDF file on disk which will never be deleted by the plug-in.

References (3)

[Third Party Advisory, VDB Entry] http://packetstormsecurity.com/files/152236/WordPress-article2pdf-0.24-DoS-File-Deletion-Disclosure.html

[Mailing List, Third Party Advisory] https://seclists.org/bugtraq/2019/Mar/49

[Third Party Advisory] https://wpvulndb.com/vulnerabilities/9246

Scores

CVSS v3 7.5

EPSS 0.0165

EPSS Percentile 81.8%

Attack Vector NETWORK

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

Classification

CWE

CWE-401

Status published

Affected Products (1)

article2pdf_project/article2pdf < 0.27

Timeline

Published Mar 27, 2019

Tracked Since Feb 18, 2026