VYPR

Woocommerce PDF Invoices Packing Slips

by WordPress

Source repositories

CVEs (12)

  • CVE-2024-22147HigJan 27, 2024
    risk 0.49cvss 7.6epss 0.01

    Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in WP Overnight PDF Invoices & Packing Slips for WooCommerce.This issue affects PDF Invoices & Packing Slips for WooCommerce: from n/a through 3.7.5.

  • CVE-2026-39472HigJun 15, 2026
    risk 0.47cvss 7.2epss 0.00

    Shop manager PHP Object Injection in WooCommerce PDF Invoices & Packing Slips < 5.9.0 versions.

  • CVE-2024-3047HigMay 2, 2024
    risk 0.40cvss 7.2epss 0.00

    The PDF Invoices & Packing Slips for WooCommerce plugin for WordPress is vulnerable to Server-Side Request Forgery in versions up to, and including, 3.8.0 via the transform() function. This can allow unauthenticated attackers to make web requests to arbitrary locations…

  • CVE-2024-3045HigMay 2, 2024
    risk 0.40cvss 7.2epss 0.01

    The PDF Invoices & Packing Slips for WooCommerce plugin for WordPress is vulnerable to Stored Cross-Site Scripting via several parameters in versions up to, and including, 3.8.0 due to insufficient input sanitization and output escaping. This makes it possible for…

  • CVE-2024-0957MedMar 22, 2024
    risk 0.40cvss 6.1epss 0.00

    The WooCommerce PDF Invoices, Packing Slips, Delivery Notes and Shipping Labels plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the Customer Notes field in all versions up to, and including, 4.4.1 due to insufficient input sanitization and output escaping.…

  • CVE-2024-50421MedOct 29, 2024
    risk 0.34cvss 5.3epss 0.00

    Missing Authorization vulnerability in WP Overnight WooCommerce PDF Invoices & Packing Slips woocommerce-pdf-invoices-packing-slips allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects WooCommerce PDF Invoices & Packing Slips: from n/a…

  • CVE-2026-1906MedFeb 18, 2026
    risk 0.28cvss 4.3epss 0.00

    The PDF Invoices & Packing Slips for WooCommerce plugin for WordPress is vulnerable to Insecure Direct Object Reference in all versions up to, and including, 5.6.0 via the `wpo_ips_edi_save_order_customer_peppol_identifiers` AJAX action due to missing capability checks and order…

  • CVE-2022-47148Mar 1, 2023
    risk 0.00cvss epss 0.00

    Cross-Site Request Forgery (CSRF) vulnerability in WP Overnight PDF Invoices & Packing Slips for WooCommerce plugin <= 3.2.5 leading to popup dismiss.

  • CVE-2022-2537Aug 29, 2022
    risk 0.00cvss epss 0.01

    The WooCommerce PDF Invoices & Packing Slips WordPress plugin before 3.0.1 does not sanitise and escape some parameters before outputting them back in an attributes of an admin page, leading to Reflected Cross-Site Scripting.

  • CVE-2022-2092Jul 11, 2022
    risk 0.00cvss epss 0.01

    The WooCommerce PDF Invoices & Packing Slips WordPress plugin before 2.16.0 doesn't escape a parameter on its setting page, making it possible for attackers to conduct reflected cross-site scripting attacks.

  • CVE-2021-24991Jan 3, 2022
    risk 0.00cvss epss 0.01

    The WooCommerce PDF Invoices & Packing Slips WordPress plugin before 2.10.5 does not escape the tab and section parameters before outputting it back in an attribute, leading to a Reflected Cross-Site Scripting in the admin dashboard

  • CVE-2017-18506Aug 12, 2019
    risk 0.00cvss epss 0.01

    The woocommerce-pdf-invoices-packing-slips plugin before 2.0.13 for WordPress has XSS via the tab or section variable on settings screens.