Vulnerabilities and security researches forwoocommerce-delivery-notes woocommerce-delivery-notes

Feb 27, 2026

CVE, Research URL: CVE-2026-24946
Home page URL: Security reports for Print Invoice & Delivery Notes for WooCommerce
Application: Print Invoice & Delivery Notes for WooCommerce
Date: Feb 20, 2026
Research Description: Missing Authorization vulnerability in tychesoftwares Print Invoice & Delivery Notes for WooCommerce woocommerce-delivery-notes allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Print Invoice & Delivery Notes for WooCommerce: from n/a through <= 5.8.0.
Affected versions: max 5.8.0.
Status: vulnerable

Jan 10, 2026

CVE, Research URL: CVE-2025-13773
Home page URL: Security reports for Print Invoice & Delivery Notes for WooCommerce
Application: Print Invoice & Delivery Notes for WooCommerce
Date: Dec 24, 2025
Research Description: The Print Invoice & Delivery Notes for WooCommerce plugin for WordPress is vulnerable to Remote Code Execution in all versions up to, and including, 5.8.0 via the 'WooCommerce_Delivery_Notes::update' function. This is due to missing capability check in the 'WooCommerce_Delivery_Notes::update' function, PHP enabled in Dompdf, and missing escape in the 'template.php' file. This makes it possible for unauthenticated attackers to execute code on the server.
Affected versions: max 5.9.0.
Status: vulnerable

Jun 14, 2025

CVE, Research URL: CVE-2025-49239
Home page URL: Security reports for Print Invoice & Delivery Notes for WooCommerce
Application: Print Invoice & Delivery Notes for WooCommerce
Date: Jun 06, 2025
Research Description: Cross-Site Request Forgery (CSRF) vulnerability in tychesoftwares Print Invoice & Delivery Notes for WooCommerce allows Cross Site Request Forgery. This issue affects Print Invoice & Delivery Notes for WooCommerce: from n/a through 5.5.0.
Affected versions: max 5.6.0.
Status: vulnerable

Mar 08, 2025

CVE, Research URL: CVE-2024-13640
Home page URL: Security reports for Print Invoice & Delivery Notes for WooCommerce
Application: Print Invoice & Delivery Notes for WooCommerce
Date: Mar 08, 2025
Research Description: The Print Invoice & Delivery Notes for WooCommerce plugin for WordPress is vulnerable to Sensitive Information Exposure in all versions up to, and including, 5.4.1 via the 'wcdn/invoice' directory. This makes it possible for unauthenticated attackers to extract sensitive data stored insecurely in the /wp-content/uploads/wcdn/invoice directory which can contain invoice files if an email attachment setting is enabled.
Affected versions: max 5.5.0.
Status: vulnerable

Dec 25, 2024

CVE, Research URL: CVE-2024-12210
Home page URL: Security reports for Print Invoice & Delivery Notes for WooCommerce
Application: Print Invoice & Delivery Notes for WooCommerce
Date: Dec 24, 2024
Research Description: The Print Invoice & Delivery Notes for WooCommerce plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the 'wcdn_remove_shoplogo' AJAX action in all versions up to, and including, 5.4.0. This makes it possible for authenticated attackers, with Subscriber-level access and above, to remove the shop's logo.
Affected versions: max 5.4.1.
Status: vulnerable

Jun 10, 2024

CVE, Research URL: CVE-2022-46795
Home page URL: Security reports for Print Invoice & Delivery Notes for WooCommerce
Application: Print Invoice & Delivery Notes for WooCommerce
Date: Dec 13, 2024
Research Description: Missing Authorization vulnerability in Tyche Softwares Print Invoice & Delivery Notes for WooCommerce allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Print Invoice & Delivery Notes for WooCommerce: from n/a through 4.7.2.
Affected versions: max 4.7.3.
Status: vulnerable

Jun 07, 2024

CVE, Research URL: CVE-2024-4233
Home page URL: Security reports for Print Invoice & Delivery Notes for WooCommerce
Application: Print Invoice & Delivery Notes for WooCommerce
Date: May 08, 2024
Research Description: Missing Authorization vulnerability in Tyche Softwares Print Invoice & Delivery Notes for WooCommerce, Tyche Softwares Arconix Shortcodes, Tyche Softwares Arconix FAQ.This issue affects Print Invoice & Delivery Notes for WooCommerce: from n/a through 4.8.1; Arconix Shortcodes: from n/a through 2.1.10; Arconix FAQ: from n/a through 1.9.3.
Affected versions: max 4.9.0.
Status: vulnerable

CVE, Research URL: CVE-2023-0479
Home page URL: Security reports for Print Invoice & Delivery Notes for WooCommerce
Application: Print Invoice & Delivery Notes for WooCommerce
Date: Jan 16, 2024
Research Description: The Print Invoice & Delivery Notes for WooCommerce WordPress plugin before 4.7.2 is vulnerable to reflected XSS by echoing a GET value in an admin note within the WooCommerce orders page. This means that this vulnerability can be exploited for users with the edit_others_shop_orders capability. WooCommerce must be installed and active. This vulnerability is caused by a urldecode() after cleanup with esc_url_raw(), allowing double encoding.
Affected versions: max 4.7.2.
Status: vulnerable