Vulnerabilities and security researches forinvoice-payment-for-woocommerce invoice-payment-for-woocommerce

Dec 15, 2024

CVE, Research URL: CVE-2024-54328
Home page URL: Security reports for Invoice Payment for WooCommerce
Application: Invoice Payment for WooCommerce
Date: Dec 13, 2024
Research Description: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Link Nacional Invoice Payment for WooCommerce allows Reflected XSS.This issue affects Invoice Payment for WooCommerce: from n/a through 1.7.2.
Affected versions: max 1.7.2.
Status: vulnerable

Feb 27, 2026

CVE, Research URL: CVE-2025-14971
Home page URL: Security reports for Invoice Payment for WooCommerce
Application: Invoice Payment for WooCommerce
Date: Jan 27, 2026
Research Description: The Link Invoice Payment for WooCommerce plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the createPartialPayment and cancelPartialPayment functions in all versions up to, and including, 2.8.0. This makes it possible for unauthenticated attackers to create partial payments on any order or cancel any existing partial payment via ID enumeration.
Affected versions: max 2.8.1.
Status: vulnerable