CVE-2025-14793
DK PDF – WordPress PDF Generator <= 2.3.0 - Authenticated (Author+) Server-Side Request ForgeryThe DK PDF – WordPress PDF Generator plugin for WordPress is vulnerable to Server-Side Request Forgery in all versions up to, and including, 2.3.0 via the 'addContentToMpdf' function. This makes it possible for authenticated attackers, author level and above, to make web requests to arbitrary locations originating from the web application and can be used to query and modify information from internal services.
We have discovered 1,506 live websites that are affected by CVE-2025-14793.
Affected Software
| Product |  Dk Pdf |
| Category | Wordpress Plugins |
| Vulnerable Domains | 1,506 live websites (100% of Dk Pdf install base) |
| Vulnerable Versions |
|
| Vulnerable Versions Count | 12 versions ( 100% of all versions) |
Common Weakness Enumeration
CWE-918 Server-Side Request Forgery (SSRF)Details
- Published - Jan 16, 2026
- Updated - Jan 16, 2026
Credits
- Athiwat Tiprasaharn (finder)
- Peerapat Samatathanyakorn (finder)
CVE References
CWE References
CWE
Website Distribution by Country
Number of websites using CVE-2025-14793 United States | 312 websites |
 Germany | 268 websites |
 France | 134 websites |
 Italy | 95 websites |
 Poland | 90 websites |
 Switzerland | 56 websites |
 GB | 56 websites |
 Spain | 54 websites |
 Netherlands | 49 websites |
 Russia | 29 websites |
Website Distribution by TLD
Number of websites using CVE-2025-14793| .com | 441 websites |
| .de | 176 websites |
| .org | 114 websites |
| .fr | 73 websites |
| .it | 71 websites |
| .pl | 66 websites |
| .ch | 44 websites |
| .nl | 39 websites |
| .net | 33 websites |
| .es | 25 websites |
Vulnerable Versions
Vulnerable versions are highlighted in redWebsites affected by CVE-2025-14793
Top websites that are affected by CVE-2025-14793. Please click on the "Contact us" link to get more information.| Domain | Country | Rank | Contacts |
|---|---|---|---|
| **************.ca |  Canada | **,*** | |
| ***************.org | Netherlands | **,*** | |
| ************.fr | France | **,*** | |
| **************.de | United States | **,*** | |
| ****.org | Germany | **,*** | |
| ****************.***.au |  Australia | **,*** | |
| *******.es | Spain | ***,*** | |
| *********.****.org | United States | ***,*** | |
| ****.at | Germany | ***,*** | |
| ******.*********.es | Spain | ***,*** |
FAQ
CVE-2025-14793 is Server-Side Request Forgery (SSRF) in Dk Pdf
A total of 1,506 websites have been identified as vulnerable to CVE-2025-14793, based on global website indexing conducted by WebTechSurvey.
The Dk Pdf is affected by the CVE-2025-14793 vulnerability.
Dk Pdf versions up to and including 2.3 are vulnerable to CVE-2025-14793.
References
- https://www.wordfence.com/threat-intel/vulnerabilities/id/b062f72a-542c-4212-af83-4faefbf69bd7?source=cve
- https://plugins.trac.wordpress.org/browser/dk-pdf/trunk/modules/Frontend/WordPressIntegration.php?marks=22-25#L22
- https://plugins.trac.wordpress.org/browser/dk-pdf/trunk/modules/PDF/Generator.php?marks=24-56#L24
- https://plugins.trac.wordpress.org/browser/dk-pdf/tags/2.3.0/modules/PDF/DocumentBuilder.php#L213
- https://plugins.trac.wordpress.org/browser/dk-pdf/tags/2.3.0/templates/dkpdf-index.php#L134