Invoice Payment For Woocommerce

Source repositories

CVE	Vendor / Product	Sev	Risk	CVSS	EPSS	KEV	Published	Description
CVE-2024-54328	WordPress Invoice Payment For Woocommerce	Hig	0.46	7.1	0.00		Dec 13, 2024	Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in linknacional Invoice Payment for WooCommerce invoice-payment-for-woocommerce allows Reflected XSS.This issue affects Invoice Payment for WooCommerce: from n/a through <= 1.7.2.
CVE-2025-14971	WordPress Invoice Payment For Woocommerce	Med	0.34	5.3	0.00		Jan 27, 2026	The Link Invoice Payment for WooCommerce plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the createPartialPayment and cancelPartialPayment functions in all versions up to, and including, 2.8.0. This makes it possible for unauthenticated attackers to create partial payments on any order or cancel any existing partial payment via ID enumeration.

CVE-2024-54328HigDec 13, 2024
WordPress
Invoice Payment For Woocommerce
risk 0.46cvss 7.1epss 0.00
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in linknacional Invoice Payment for WooCommerce invoice-payment-for-woocommerce allows Reflected XSS.This issue affects Invoice Payment for WooCommerce: from n/a through <= 1.7.2.
CVE-2025-14971MedJan 27, 2026
WordPress
Invoice Payment For Woocommerce
risk 0.34cvss 5.3epss 0.00
The Link Invoice Payment for WooCommerce plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the createPartialPayment and cancelPartialPayment functions in all versions up to, and including, 2.8.0. This makes it possible for unauthenticated attackers to create partial payments on any order or cancel any existing partial payment via ID enumeration.