Woocommerce Pdf Invoices& Packing Slips

woocommerce_pdf_invoices&_packing_slips

Vendor: Wpovernight • 9 CVEs

CVEs (9)

CVE VENDORS PRODUCTS UPDATED PUBLISHED CVSS
CVE-2025-24373 1Wpovernight 1Woocommerce Pdf Invoices& Packing Slips Feb 19, 2025 Feb 4, 2025 6.3 MEDIUM· v4 6.5 MEDIUM· v3 N/A· v2 woocommerce-pdf-invoices-packing-slips is an extension which allows users to create, print & automatically email PDF invoices & packing slips for WooCommerce orders. This vulnerability allows unauthorized users to access...Show more woocommerce-pdf-invoices-packing-slips is an extension which allows users to create, print & automatically email PDF invoices & packing slips for WooCommerce orders. This vulnerability allows unauthorized users to access any PDF document from a store if they: 1. Have access to a guest document link and 2. Replace the URL variable `my-account` with `bulk`. The issue occurs when: 1. The store's document access is set to "guest." and 2. The user is logged out. This vulnerability compromises the confidentiality of sensitive documents, affecting all stores using the plugin with the guest access option enabled. This issue has been addressed in version 4.0.0 and all users are advised to upgrade. There are no known workarounds for this vulnerability.Show less
CVE-2024-3047 1Wpovernight 1Woocommerce Pdf Invoices& Packing Slips Apr 8, 2026 May 2, 2024 N/A· v4 7.2 HIGH· v3 N/A· v2 The PDF Invoices & Packing Slips for WooCommerce plugin for WordPress is vulnerable to Server-Side Request Forgery in versions up to, and including, 3.8.0 via the transform() function. This can allow unauthenticated atta...Show more The PDF Invoices & Packing Slips for WooCommerce plugin for WordPress is vulnerable to Server-Side Request Forgery in versions up to, and including, 3.8.0 via the transform() function. This can allow unauthenticated attackers to make web requests to arbitrary locations originating from the web application and can be used to query and modify information from internal services.Show less
CVE-2024-3045 1Wpovernight 1Woocommerce Pdf Invoices& Packing Slips Apr 8, 2026 May 2, 2024 N/A· v4 6.1 MEDIUM· v3 N/A· v2 The PDF Invoices & Packing Slips for WooCommerce plugin for WordPress is vulnerable to Stored Cross-Site Scripting via several parameters in versions up to, and including, 3.8.0 due to insufficient input sanitization and...Show more The PDF Invoices & Packing Slips for WooCommerce plugin for WordPress is vulnerable to Stored Cross-Site Scripting via several parameters in versions up to, and including, 3.8.0 due to insufficient input sanitization and output escaping. This makes it possible for unauthenticated attackers to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.Show less
CVE-2024-22147 1Wpovernight 1Woocommerce Pdf Invoices& Packing Slips Apr 28, 2026 Jan 27, 2024 N/A· v4 7.2 HIGH· v3 N/A· v2 Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in WP Overnight PDF Invoices & Packing Slips for WooCommerce.This issue affects PDF Invoices & Packing Slips for WooComme...Show more Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in WP Overnight PDF Invoices & Packing Slips for WooCommerce.This issue affects PDF Invoices & Packing Slips for WooCommerce: from n/a through 3.7.5.Show less
CVE-2022-47148 1Wpovernight 1Woocommerce Pdf Invoices& Packing Slips Nov 21, 2024 Mar 1, 2023 N/A· v4 4.3 MEDIUM· v3 N/A· v2 Cross-Site Request Forgery (CSRF) vulnerability in WP Overnight PDF Invoices & Packing Slips for WooCommerce plugin <= 3.2.5 leading to popup dismiss.
CVE-2022-2537 1Wpovernight 1Woocommerce Pdf Invoices& Packing Slips Nov 21, 2024 Aug 29, 2022 N/A· v4 6.1 MEDIUM· v3 N/A· v2 The WooCommerce PDF Invoices & Packing Slips WordPress plugin before 3.0.1 does not sanitise and escape some parameters before outputting them back in an attributes of an admin page, leading to Reflected Cross-Site Scrip...Show more The WooCommerce PDF Invoices & Packing Slips WordPress plugin before 3.0.1 does not sanitise and escape some parameters before outputting them back in an attributes of an admin page, leading to Reflected Cross-Site Scripting.Show less
CVE-2022-2092 1Wpovernight 1Woocommerce Pdf Invoices& Packing Slips Nov 21, 2024 Jul 11, 2022 N/A· v4 6.1 MEDIUM· v3 4.3 MEDIUM· v2 The WooCommerce PDF Invoices & Packing Slips WordPress plugin before 2.16.0 doesn't escape a parameter on its setting page, making it possible for attackers to conduct reflected cross-site scripting attacks.
CVE-2021-24991 1Wpovernight 1Woocommerce Pdf Invoices& Packing Slips Nov 21, 2024 Jan 3, 2022 N/A· v4 4.8 MEDIUM· v3 3.5 LOW· v2 The WooCommerce PDF Invoices & Packing Slips WordPress plugin before 2.10.5 does not escape the tab and section parameters before outputting it back in an attribute, leading to a Reflected Cross-Site Scripting in the adm...Show more The WooCommerce PDF Invoices & Packing Slips WordPress plugin before 2.10.5 does not escape the tab and section parameters before outputting it back in an attribute, leading to a Reflected Cross-Site Scripting in the admin dashboardShow less
CVE-2017-18506 1Wpovernight 1Woocommerce Pdf Invoices& Packing Slips Nov 21, 2024 Aug 12, 2019 N/A· v4 6.1 MEDIUM· v3 4.3 MEDIUM· v2 The woocommerce-pdf-invoices-packing-slips plugin before 2.0.13 for WordPress has XSS via the tab or section variable on settings screens.