Live Vulnerability Intelligence

Threat Database

Search CVEs, inspect descriptions, and open detail pages with AI-assisted technical context.

Total: 4
Critical: 1
High: 0
Medium: 3
Showing 1-4 of 4 records
Threat Entry Updated 2025-12-29

CVE-2025-13773 - Delivery Notes For Woocommerce Plugin

The Print Invoice & Delivery Notes for WooCommerce plugin for WordPress is vulnerable to Remote Code Execution in all versions up to, and including, 5.8.0 via the 'WooCommerce_Delivery_Notes::update' function. This is due to a missing capability check in the 'WooCommerce_Delivery_Notes::update' function, PHP being enabled in Dompdf, and missing escaping in the 'template.php' file. This makes it possible for unauthenticated attackers to execute code on the server.

PLUGIN Delivery Notes For Woocommerce

CVE-2025-13773

CRITICAL CVSS 9.8 2025-12-24
Threat Entry Updated 2025-03-08

CVE-2024-13640 - Delivery Notes For Woocommerce Plugin

The Print Invoice & Delivery Notes for WooCommerce plugin for WordPress is vulnerable to Sensitive Information Exposure in all versions up to, and including, 5.4.1 via the 'wcdn/invoice' directory. This makes it possible for unauthenticated attackers to extract sensitive data stored insecurely in the /wp-content/uploads/wcdn/invoice directory which can contain invoice files if an email attachment setting is enabled.

PLUGIN Delivery Notes For Woocommerce

CVE-2024-13640

MEDIUM CVSS 5.9 2025-03-08
Threat Entry Updated 2024-12-24

CVE-2024-12210 - Delivery Notes For Woocommerce Plugin

The Print Invoice & Delivery Notes for WooCommerce plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the 'wcdn_remove_shoplogo' AJAX action in all versions up to, and including, 5.4.0. This makes it possible for authenticated attackers, with Subscriber-level access and above, to remove the shop's logo.

PLUGIN Delivery Notes For Woocommerce

CVE-2024-12210

MEDIUM CVSS 4.3 2024-12-24
Threat Entry Updated 2025-06-20

CVE-2023-0479 - Delivery Notes For Woocommerce Plugin

The Print Invoice & Delivery Notes for WooCommerce WordPress plugin before 4.7.2 is vulnerable to reflected XSS by echoing a GET value in an admin note within the WooCommerce orders page. This means the vulnerability can be exploited against users with the edit_others_shop_orders capability. WooCommerce must be installed and active. The vulnerability is caused by a urldecode() call after cleanup with esc_url_raw(), which allows double encoding.

PLUGIN Delivery Notes For Woocommerce

CVE-2023-0479

MEDIUM CVSS 6.1 2024-01-16