Title: PDF.js < 4.2.67 – Arbitrary JavaScript Execution
Last modified: June 3, 2024

---

# PDF.js < 4.2.67 – Arbitrary JavaScript Execution

 *  Resolved [Zade](https://wordpress.org/support/users/nothin7/)
 * (@nothin7)
 * [2 years ago](https://wordpress.org/support/topic/pdf-js-4-2-67-arbitrary-javascript-execution/)
 * Hi,
 * Can you let me know if and when you’ll be addressing the vulnerability with your
   plugin’s embedded PDF.js script?
 * PDF.js < 4.2.67 – Arbitrary JavaScript Execution
 * PDF.js is vulnerable to Arbitrary JavaScript Execution in versions prior to 4.2.67.
   This is due to a missing type check when handling fonts. This makes it possible
   for authenticated attackers, with contributor-level or above permissions, to
   execute arbitrary JavaScript if they can successfully trick a user into opening
   a crafted PDF file.
 * **Source: [Wordfence](https://www.wordfence.com/threat-intel/vulnerabilities/id/8ce7aa01-7e79-4048-a84d-fcb9541d5f8b?source=api-prod)**
 * Thanks!

Viewing 2 replies - 1 through 2 (of 2 total)

 *  Plugin Author [Slava Abakumov](https://wordpress.org/support/users/slaffik/)
 * (@slaffik)
 * [2 years ago](https://wordpress.org/support/topic/pdf-js-4-2-67-arbitrary-javascript-execution/#post-17799814)
 * Hello,
 * We are aware of this issue and it will be fixed with tomorrow’s release of v4.8.0
   🙂
 *  [mostodle](https://wordpress.org/support/users/mostodle/)
 * (@mostodle)
 * [2 years ago](https://wordpress.org/support/topic/pdf-js-4-2-67-arbitrary-javascript-execution/#post-17801727)
 * .
    -  This reply was modified 2 years ago by [mostodle](https://wordpress.org/support/users/mostodle/).

The topic ‘PDF.js < 4.2.67 – Arbitrary JavaScript Execution’ is closed to new replies.

 * [PDF Embedder](https://wordpress.org/plugins/pdf-embedder/)

 * 2 replies
 * 3 participants
 * Last reply from: [mostodle](https://wordpress.org/support/users/mostodle/)
 * Last activity: [2 years ago](https://wordpress.org/support/topic/pdf-js-4-2-67-arbitrary-javascript-execution/#post-17801727)
 * Status: resolved