Wpovernight

Woocommerce Pdf Invoices& Packing Slips

10 Schwachstellen gefunden.

Hinweis: Diese Liste kann unvollständig sein. Daten werden ohne Gewähr im Ursprungsformat bereitgestellt.
6.5

CVE-2025-24373

  • EPSS 0.09%
  • Veröffentlicht 04.02.2025 19:15:33
  • Zuletzt bearbeitet 19.02.2025 15:45:13

woocommerce-pdf-invoices-packing-slips is an extension which allows users to create, print & automatically email PDF invoices & packing slips for WooCommerce orders. This vulnerability allows unauthorized users to access any PDF document from a store...

5.3

CVE-2024-50421

  • EPSS 0.1%
  • Veröffentlicht 29.10.2024 22:15:04
  • Zuletzt bearbeitet 01.11.2024 12:57:35

Missing Authorization vulnerability in WP Overnight WooCommerce PDF Invoices & Packing Slips allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects WooCommerce PDF Invoices & Packing Slips: from n/a through 3.8.6.

7.2

CVE-2024-3047

  • EPSS 0.45%
  • Veröffentlicht 02.05.2024 17:15:22
  • Zuletzt bearbeitet 11.02.2025 16:36:26

The PDF Invoices & Packing Slips for WooCommerce plugin for WordPress is vulnerable to Server-Side Request Forgery in versions up to, and including, 3.8.0 via the transform() function. This can allow unauthenticated attackers to make web requests to ...

6.1

CVE-2024-3045

  • EPSS 2.27%
  • Veröffentlicht 02.05.2024 17:15:21
  • Zuletzt bearbeitet 11.02.2025 17:02:05

The PDF Invoices & Packing Slips for WooCommerce plugin for WordPress is vulnerable to Stored Cross-Site Scripting via several parameters in versions up to, and including, 3.8.0 due to insufficient input sanitization and output escaping. This makes i...

7.2

CVE-2024-22147

  • EPSS 0.15%
  • Veröffentlicht 27.01.2024 00:15:24
  • Zuletzt bearbeitet 21.11.2024 08:55:40

Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in WP Overnight PDF Invoices & Packing Slips for WooCommerce.This issue affects PDF Invoices & Packing Slips for WooCommerce: from n/a through 3.7.5.

4.3

CVE-2022-47148

  • EPSS 0.07%
  • Veröffentlicht 01.03.2023 15:15:11
  • Zuletzt bearbeitet 21.11.2024 07:31:35

Cross-Site Request Forgery (CSRF) vulnerability in WP Overnight PDF Invoices & Packing Slips for WooCommerce plugin <= 3.2.5 leading to popup dismiss.

6.1

CVE-2022-2537

Exploit
  • EPSS 0.29%
  • Veröffentlicht 29.08.2022 18:15:09
  • Zuletzt bearbeitet 21.11.2024 07:01:12

The WooCommerce PDF Invoices & Packing Slips WordPress plugin before 3.0.1 does not sanitise and escape some parameters before outputting them back in an attributes of an admin page, leading to Reflected Cross-Site Scripting.

6.1

CVE-2022-2092

Exploit
  • EPSS 0.2%
  • Veröffentlicht 11.07.2022 13:15:09
  • Zuletzt bearbeitet 21.11.2024 07:00:18

The WooCommerce PDF Invoices & Packing Slips WordPress plugin before 2.16.0 doesn't escape a parameter on its setting page, making it possible for attackers to conduct reflected cross-site scripting attacks.

4.8

CVE-2021-24991

Exploit
  • EPSS 3.36%
  • Veröffentlicht 03.01.2022 13:15:08
  • Zuletzt bearbeitet 21.11.2024 05:54:08

The WooCommerce PDF Invoices & Packing Slips WordPress plugin before 2.10.5 does not escape the tab and section parameters before outputting it back in an attribute, leading to a Reflected Cross-Site Scripting in the admin dashboard

6.1

CVE-2017-18506

  • EPSS 0.49%
  • Veröffentlicht 12.08.2019 15:15:11
  • Zuletzt bearbeitet 21.11.2024 03:20:16

The woocommerce-pdf-invoices-packing-slips plugin before 2.0.13 for WordPress has XSS via the tab or section variable on settings screens.