Vulnerabilities and security researches forwoocommerce-pdf-invoices-packing-slips woocommerce-pdf-invoices-packing-slips
Direction: ascendingJun 06, 2024
PDF Invoices & Packing Slips for WooCommerce # CVE-2021-24991
- CVE, Research URL
- Application
- Date
- Jan 03, 2022
- Research Description
- The WooCommerce PDF Invoices & Packing Slips WordPress plugin before 2.10.5 does not escape the tab and section parameters before outputting it back in an attribute, leading to a Reflected Cross-Site Scripting in the admin dashboard
- Affected versions
-
max 2.10.5.
- Status
-
vulnerable
PDF Invoices & Packing Slips for WooCommerce # CVE-2022-2092
- CVE, Research URL
- Application
- Date
- Jul 11, 2022
- Research Description
- The WooCommerce PDF Invoices & Packing Slips WordPress plugin before 2.16.0 doesn't escape a parameter on its setting page, making it possible for attackers to conduct reflected cross-site scripting attacks.
- Affected versions
-
max 2.16.0.
- Status
-
vulnerable
PDF Invoices & Packing Slips for WooCommerce # CVE-2022-47148
- CVE, Research URL
- Application
- Date
- Mar 01, 2023
- Research Description
- Cross-Site Request Forgery (CSRF) vulnerability in WP Overnight PDF Invoices & Packing Slips for WooCommerce plugin <= 3.2.5 leading to popup dismiss.
- Affected versions
-
max 2.15.0.
- Status
-
vulnerable
PDF Invoices & Packing Slips for WooCommerce # CVE-2024-22147
- CVE, Research URL
- Application
- Date
- Jan 27, 2024
- Research Description
- Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in WP Overnight PDF Invoices & Packing Slips for WooCommerce.This issue affects PDF Invoices & Packing Slips for WooCommerce: from n/a through 3.7.5.
- Affected versions
-
max 3.7.6.
- Status
-
vulnerable
PDF Invoices & Packing Slips for WooCommerce # CVE-2017-18506
- CVE, Research URL
- Application
- Date
- Aug 12, 2019
- Research Description
- The woocommerce-pdf-invoices-packing-slips plugin before 2.0.13 for WordPress has XSS via the tab or section variable on settings screens.
- Affected versions
-
max 2.15.0.
- Status
-
vulnerable
PDF Invoices & Packing Slips for WooCommerce # CVE-2024-3045
- CVE, Research URL
- Application
- Date
- May 02, 2024
- Research Description
- The PDF Invoices & Packing Slips for WooCommerce plugin for WordPress is vulnerable to Stored Cross-Site Scripting via several parameters in versions up to, and including, 3.8.0 due to insufficient input sanitization and output escaping. This makes it possible for unauthenticated attackers to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.
- Affected versions
-
max 3.8.1.
- Status
-
vulnerable
PDF Invoices & Packing Slips for WooCommerce # CVE-2022-2537
- CVE, Research URL
- Application
- Date
- Aug 29, 2022
- Research Description
- The WooCommerce PDF Invoices & Packing Slips WordPress plugin before 3.0.1 does not sanitise and escape some parameters before outputting them back in an attributes of an admin page, leading to Reflected Cross-Site Scripting.
- Affected versions
-
max 2.15.
- Status
-
vulnerable
PDF Invoices & Packing Slips for WooCommerce # CVE-2024-3047
- CVE, Research URL
- Application
- Date
- May 02, 2024
- Research Description
- The PDF Invoices & Packing Slips for WooCommerce plugin for WordPress is vulnerable to Server-Side Request Forgery in versions up to, and including, 3.8.0 via the transform() function. This can allow unauthenticated attackers to make web requests to arbitrary locations originating from the web application and can be used to query and modify information from internal services.
- Affected versions
-
max 3.8.1.
- Status
-
vulnerable
Oct 27, 2024
PDF Invoices & Packing Slips for WooCommerce # CVE-2024-50421
- CVE, Research URL
- Application
- Date
- Oct 30, 2024
- Research Description
- Missing Authorization vulnerability in WP Overnight WooCommerce PDF Invoices & Packing Slips allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects WooCommerce PDF Invoices & Packing Slips: from n/a through 3.8.6.
- Affected versions
-
max 3.8.7.
- Status
-
vulnerable
Jan 09, 2026
PDF Invoices & Packing Slips for WooCommerce # CVE-2025-67589
- CVE, Research URL
- Application
- Date
- Dec 09, 2025
- Research Description
- Missing Authorization vulnerability in WP Overnight WooCommerce PDF Invoices & Packing Slips woocommerce-pdf-invoices-packing-slips allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects WooCommerce PDF Invoices & Packing Slips: from n/a through <= 4.9.1.
- Affected versions
-
max 4.9.1.
- Status
-
vulnerable
Apr 15, 2026
PDF Invoices & Packing Slips for WooCommerce # CVE-2026-1906
- CVE, Research URL
- Application
- Date
- Feb 18, 2026
- Research Description
- The PDF Invoices & Packing Slips for WooCommerce plugin for WordPress is vulnerable to Insecure Direct Object Reference in all versions up to, and including, 5.6.0 via the `wpo_ips_edi_save_order_customer_peppol_identifiers` AJAX action due to missing capability checks and order ownership validation. This makes it possible for authenticated attackers, with Subscriber-level access and above, to modify Peppol/EDI endpoint identifiers (`peppol_endpoint_id`, `peppol_endpoint_eas`) for any customer by specifying an arbitrary `order_id` parameter on systems using Peppol invoicing. This can affect order routing on the Peppol network and may result in payment disruptions and data leakage.
- Affected versions
-
max 5.7.0.
- Status
-
vulnerable