Threat Entry Updated 2026-04-15

CVE-2026-1906 - Woocommerce Pdf Invoices Packing Slips Plugin

The PDF Invoices & Packing Slips for WooCommerce plugin for WordPress is vulnerable to Insecure Direct Object Reference in all versions up to, and including, 5.6.0 via the `wpo_ips_edi_save_order_customer_peppol_identifiers` AJAX action due to missing capability checks and order ownership validation. This makes it possible for authenticated attackers, with Subscriber-level access and above, to modify Peppol/EDI endpoint identifiers (`peppol_endpoint_id`, `peppol_endpoint_eas`) for any customer by specifying an arbitrary `order_id` parameter on systems using Peppol invoicing. This can affect order routing on the Peppol network and may result in payment disruptions and data…

PLUGIN Woocommerce Pdf Invoices Packing Slips

CVE-2026-1906

MEDIUM CVSS 4.3 2026-02-18

Risk Score

Open Full Technical Breakdown

Threat Entry Updated 2025-02-11

CVE-2024-3047 - Woocommerce Pdf Invoices Packing Slips Plugin

The PDF Invoices & Packing Slips for WooCommerce plugin for WordPress is vulnerable to Server-Side Request Forgery in versions up to, and including, 3.8.0 via the transform() function. This can allow unauthenticated attackers to make web requests to arbitrary locations originating from the web application and can be used to query and modify information from internal services.

PLUGIN Woocommerce Pdf Invoices Packing Slips

CVE-2024-3047

HIGH CVSS 7.2 2024-05-02

Risk Score

Open Full Technical Breakdown

Threat Entry Updated 2025-02-11

CVE-2024-3045 - Woocommerce Pdf Invoices Packing Slips Plugin

The PDF Invoices & Packing Slips for WooCommerce plugin for WordPress is vulnerable to Stored Cross-Site Scripting via several parameters in versions up to, and including, 3.8.0 due to insufficient input sanitization and output escaping. This makes it possible for unauthenticated attackers to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.

PLUGIN Woocommerce Pdf Invoices Packing Slips

CVE-2024-3045

HIGH CVSS 7.2 2024-05-02

Risk Score

Open Full Technical Breakdown

Threat Entry Updated 2024-11-21

CVE-2022-2537 - Woocommerce Pdf Invoices Packing Slips Plugin

The WooCommerce PDF Invoices & Packing Slips WordPress plugin before 3.0.1 does not sanitise and escape some parameters before outputting them back in an attributes of an admin page, leading to Reflected Cross-Site Scripting.

PLUGIN Woocommerce Pdf Invoices Packing Slips

CVE-2022-2537

MEDIUM CVSS 6.1 2022-08-29

Risk Score

Open Full Technical Breakdown

Threat Entry Updated 2024-11-21

CVE-2022-2092 - Woocommerce Pdf Invoices Packing Slips Plugin

The WooCommerce PDF Invoices & Packing Slips WordPress plugin before 2.16.0 doesn't escape a parameter on its setting page, making it possible for attackers to conduct reflected cross-site scripting attacks.

PLUGIN Woocommerce Pdf Invoices Packing Slips

CVE-2022-2092

MEDIUM CVSS 6.1 2022-07-11

Risk Score

Open Full Technical Breakdown

Threat Entry Updated 2024-11-21

CVE-2021-24991 - Woocommerce Pdf Invoices Packing Slips Plugin

The WooCommerce PDF Invoices & Packing Slips WordPress plugin before 2.10.5 does not escape the tab and section parameters before outputting it back in an attribute, leading to a Reflected Cross-Site Scripting in the admin dashboard

PLUGIN Woocommerce Pdf Invoices Packing Slips

CVE-2021-24991

MEDIUM CVSS 4.8 2022-01-03

Risk Score

Open Full Technical Breakdown