cbcvebase.

Wpovernight Woocommerce Pdf Invoices Packing Slips vulnerabilities

9 known vulnerabilities affecting wpovernight/woocommerce_pdf_invoices_packing_slips.

Total CVEs
9
CISA KEV
0
Public exploits
1
Exploited in wild
0
Severity breakdown
HIGH2MEDIUM7

Vulnerabilities

Page 1 of 1
CVE-2024-3047P3HIGHCVSS 7.2fixed in 3.8.12024-05-02
CVE-2024-3047 [HIGH] CWE-918 CVE-2024-3047: The PDF Invoices & Packing Slips for WooCommerce plugin for WordPress is vulnerable to Server-Side R The PDF Invoices & Packing Slips for WooCommerce plugin for WordPress is vulnerable to Server-Side Request Forgery in versions up to, and including, 3.8.0 via the transform() function. This can allow unauthenticated attackers to make web requests to arbitrary locations originating from the web application and can be used to query and modify information
nvd
CVE-2021-24991P4MEDIUMCVSS 4.8PoCfixed in 2.10.52022-01-03
CVE-2021-24991 [MEDIUM] CWE-79 CVE-2021-24991: The WooCommerce PDF Invoices & Packing Slips WordPress plugin before 2.10.5 does not escape the tab The WooCommerce PDF Invoices & Packing Slips WordPress plugin before 2.10.5 does not escape the tab and section parameters before outputting it back in an attribute, leading to a Reflected Cross-Site Scripting in the admin dashboard
nvd
CVE-2024-22147P3HIGHCVSS 7.2≤ 3.7.52024-01-27
CVE-2024-22147 [HIGH] CWE-89 CVE-2024-22147: Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability i Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in WP Overnight PDF Invoices & Packing Slips for WooCommerce.This issue affects PDF Invoices & Packing Slips for WooCommerce: from n/a through 3.7.5.
nvd
CVE-2025-24373P3MEDIUMCVSS 6.5fixed in 4.0.02025-02-04
CVE-2025-24373 [MEDIUM] CWE-200 CVE-2025-24373: woocommerce-pdf-invoices-packing-slips is an extension which allows users to create, print & automat woocommerce-pdf-invoices-packing-slips is an extension which allows users to create, print & automatically email PDF invoices & packing slips for WooCommerce orders. This vulnerability allows unauthorized users to access any PDF document from a store if they: 1. Have access to a guest document link and 2. Replace the URL variable `my-account` with `
nvd
CVE-2024-3045P4MEDIUMCVSS 6.1fixed in 3.8.12024-05-02
CVE-2024-3045 [MEDIUM] CWE-79 CVE-2024-3045: The PDF Invoices & Packing Slips for WooCommerce plugin for WordPress is vulnerable to Stored Cross- The PDF Invoices & Packing Slips for WooCommerce plugin for WordPress is vulnerable to Stored Cross-Site Scripting via several parameters in versions up to, and including, 3.8.0 due to insufficient input sanitization and output escaping. This makes it possible for unauthenticated attackers to inject arbitrary web scripts in pages that will execute when
nvd
CVE-2017-18506P4MEDIUMCVSS 6.1fixed in 2.0.132019-08-12
CVE-2017-18506 [MEDIUM] CWE-79 CVE-2017-18506: The woocommerce-pdf-invoices-packing-slips plugin before 2.0.13 for WordPress has XSS via the tab or The woocommerce-pdf-invoices-packing-slips plugin before 2.0.13 for WordPress has XSS via the tab or section variable on settings screens.
nvd
CVE-2022-2092P4MEDIUMCVSS 6.1fixed in 2.16.02022-07-11
CVE-2022-2092 [MEDIUM] CWE-79 CVE-2022-2092: The WooCommerce PDF Invoices & Packing Slips WordPress plugin before 2.16.0 doesn't escape a paramet The WooCommerce PDF Invoices & Packing Slips WordPress plugin before 2.16.0 doesn't escape a parameter on its setting page, making it possible for attackers to conduct reflected cross-site scripting attacks.
nvd
CVE-2022-2537P4MEDIUMCVSS 6.1≥ 2.14.0, < 3.0.12022-08-29
CVE-2022-2537 [MEDIUM] CWE-79 CVE-2022-2537: The WooCommerce PDF Invoices & Packing Slips WordPress plugin before 3.0.1 does not sanitise and esc The WooCommerce PDF Invoices & Packing Slips WordPress plugin before 3.0.1 does not sanitise and escape some parameters before outputting them back in an attributes of an admin page, leading to Reflected Cross-Site Scripting.
nvd
CVE-2022-47148P4MEDIUMCVSS 4.3fixed in 3.2.62023-03-01
CVE-2022-47148 [MEDIUM] CWE-352 CVE-2022-47148: Cross-Site Request Forgery (CSRF) vulnerability in WP Overnight PDF Invoices & Packing Slips for Woo Cross-Site Request Forgery (CSRF) vulnerability in WP Overnight PDF Invoices & Packing Slips for WooCommerce plugin <= 3.2.5 leading to popup dismiss.
nvd
Wpovernight Woocommerce Pdf Invoices Packing Slips vulnerabilities | cvebase