CVE-2024-3047
published 2024-05-02CVE-2024-3047: The PDF Invoices & Packing Slips for WooCommerce plugin for WordPress is vulnerable to Server-Side Request Forgery in versions up to, and including, 3.8.0 via…
PriorityP344high7.2CVSS 3.1
AVNACLPRNUINSCCLILAN
EPSS
0.40%
32.1th percentile
The PDF Invoices & Packing Slips for WooCommerce plugin for WordPress is vulnerable to Server-Side Request Forgery in versions up to, and including, 3.8.0 via the transform() function. This can allow unauthenticated attackers to make web requests to arbitrary locations originating from the web application and can be used to query and modify information from internal services.
Affected
2 ranges
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| wpovernight | pdf_invoices_packing_slips_for_woocommerce | <= 3.8.0 | — |
| wpovernight | woocommerce_pdf_invoices_packing_slips | < 3.8.1 | 3.8.1 |
CVSS provenance
nvdv3.17.2HIGHCVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:L/I:L/A:N
vendor_redhat5.5MEDIUM
Stop checking back — get the weekly exploitation signal.
Every Monday: what got weaponized or added to CISA KEV in the last seven days — each CVE cross-linked to its PoC, Nuclei template, and detection rule. Free, one email a week, unsubscribe in one click.
GHSA
GHSA-xgmh-f6r2-39xq: The PDF Invoices & Packing Slips for WooCommerce plugin for WordPress is vulnerable to Server-Side Request Forgery in versions up to, and including, 3
ghsa_unreviewed·2024-05-02
CVE-2024-3047 [HIGH] CWE-918 GHSA-xgmh-f6r2-39xq: The PDF Invoices & Packing Slips for WooCommerce plugin for WordPress is vulnerable to Server-Side Request Forgery in versions up to, and including, 3
The PDF Invoices & Packing Slips for WooCommerce plugin for WordPress is vulnerable to Server-Side Request Forgery in versions up to, and including, 3.8.0 via the transform() function. This can allow unauthenticated attackers to make web requests to arbitrary locations originating from the web application and can be used to query and modify information from internal services.
Red Hat
kernel: net/smc: initialize close_work early to avoid warning
vendor_redhat·2024-12-27·CVSS 5.5
CVE-2024-56641 [MEDIUM] CWE-665 kernel: net/smc: initialize close_work early to avoid warning
kernel: net/smc: initialize close_work early to avoid warning
In the Linux kernel, the following vulnerability has been resolved:
net/smc: initialize close_work early to avoid warning
We encountered a warning that close_work was canceled before
initialization.
WARNING: CPU: 7 PID: 111103 at kernel/workqueue.c:3047 __flush_work+0x19e/0x1b0
Workqueue: events smc_lgr_terminate_work [smc]
RIP: 0010:__flush_work+0x19e/0x1b0
Call Trace:
? __wake_up_common+0x7a/0x190
? work_busy+0x80/0x80
__cancel_work_timer+0xe3/0x160
smc_close_cancel_work+0x1a/0x70 [smc]
smc_close_active_abort+0x207/0x360 [smc]
__smc_lgr_terminate.part.38+0xc8/0x180 [smc]
process_one_work+0x19e/0x340
worker_thread+0x30/0x370
? process_one_work+0x340/0x340
kthread+0x117/0x130
? __kthread_cancel_work+0x50/0x50
ret_from_fork+0x22
No detection rules found.
No public exploits indexed.
No writeups or analysis indexed.
https://plugins.trac.wordpress.org/changeset/3076105/https://www.wordfence.com/threat-intel/vulnerabilities/id/18f16148-b4a8-4f89-af0d-c0baba8f9ccf?source=cvehttps://plugins.trac.wordpress.org/changeset/3076105/https://www.wordfence.com/threat-intel/vulnerabilities/id/18f16148-b4a8-4f89-af0d-c0baba8f9ccf?source=cve
2024-05-02
Published