cve,link,title,description,vendor,products,score,severity,epss,cisa,cisa_published,article,ransomware,exploited,poc,trended,trended_no_1,published,trended_score
CVE-2024-11276,https://securityvulnerability.io/vulnerability/CVE-2024-11276,Vulnerability in PDF Builder for WooCommerce Allows Reflected Cross-Site Scripting,"The PDF Builder for WooCommerce. Create invoices,packing slips and more plugin for WordPress is vulnerable to Reflected Cross-Site Scripting via the 'page' parameter in all versions up to, and including, 1.2.136 due to insufficient input sanitization and output escaping. This makes it possible for unauthenticated attackers to inject arbitrary web scripts in pages that execute if they can successfully trick a user into performing an action such as clicking on a link.",Wordpress,"PDF Builder For WooCommerce. Create Invoices,packing Slips And More",6.1,MEDIUM,0.0004600000102072954,false,,false,false,false,,false,false,2024-12-06T08:24:53.619Z,0
CVE-2023-3764,https://securityvulnerability.io/vulnerability/CVE-2023-3764,Cross-Site Request Forgery Vulnerability in WooCommerce PDF Invoice Builder Plugin for WordPress,"The WooCommerce PDF Invoice Builder plugin for WordPress presents a Cross-Site Request Forgery vulnerability in all versions up to 1.2.90. This vulnerability arises from inadequate nonce validation during the Save function, allowing malicious actors to exploit this weakness. By tricking a site administrator into executing a crafted action, unauthorized changes to invoices might occur without the administrator's consent, potentially compromising sensitive financial data.",Wordpress,"WooCommerce PDF Invoice Builder, Create invoices, packing slips and more",4.3,MEDIUM,0.00044999999227002263,false,,false,false,false,,false,false,2023-08-31T06:15:00.000Z,0
CVE-2023-4160,https://securityvulnerability.io/vulnerability/CVE-2023-4160,Stored Cross-Site Scripting in WooCommerce PDF Invoice Builder for WordPress,"The WooCommerce PDF Invoice Builder plugin for WordPress is exposed to a Stored Cross-Site Scripting vulnerability due to inadequate input sanitization and output escaping. This flaw allows authenticated attackers with administrator or higher privileges to inject malicious web scripts into pages, which are executed when users access those infected pages. The issue is particularly relevant for multi-site installations and those where unfiltered_html is disabled, heightening the risk of exploitation.",Wordpress,"WooCommerce PDF Invoice Builder, Create invoices, packing slips and more",4.8,MEDIUM,0.0005799999926239252,false,,false,false,false,,false,false,2023-08-31T06:15:00.000Z,0
CVE-2023-4161,https://securityvulnerability.io/vulnerability/CVE-2023-4161,Cross-Site Request Forgery in WooCommerce PDF Invoice Builder for WordPress,"The WooCommerce PDF Invoice Builder for WordPress has a vulnerability allowing unauthenticated attackers to exploit a missing nonce check in the SaveCustomField function. This flaw enables these attackers to create or modify invoice fields if they can trick an administrator into executing an action, such as clicking on a malicious link. This vulnerability affects versions of the plugin up to and including 1.2.90, highlighting the importance of implementing nonce checks to prevent unauthorized actions within plugins.",Wordpress,"WooCommerce PDF Invoice Builder, Create invoices, packing slips and more",4.3,MEDIUM,0.00044999999227002263,false,,false,false,false,,false,false,2023-08-31T06:15:00.000Z,0
CVE-2023-3677,https://securityvulnerability.io/vulnerability/CVE-2023-3677,SQL Injection Vulnerability in WooCommerce PDF Invoice Builder Plugin for WordPress,"The WooCommerce PDF Invoice Builder plugin for WordPress is susceptible to SQL Injection via the 'pageId' parameter. This vulnerability arises from improper escaping of user-supplied data and inadequate preparation of existing SQL queries. As a result, users with subscriber permissions or higher can exploit this flaw to inject additional SQL queries into existing ones, potentially allowing unauthorized access to sensitive information stored in the database.",Wordpress,"WooCommerce PDF Invoice Builder, Create invoices, packing slips and more",8.8,HIGH,0.00044999999227002263,false,,false,false,false,,false,false,2023-08-31T06:15:00.000Z,0
CVE-2023-4245,https://securityvulnerability.io/vulnerability/CVE-2023-4245,Unauthorized Data Access Vulnerability in WooCommerce PDF Invoice Builder by WordPress,"The WooCommerce PDF Invoice Builder plugin for WordPress has a vulnerability that allows unauthorized access to invoice data. This is due to a missing capability check in the GetInvoiceDetail function, which affects all versions up to and including 1.2.89. A malicious user with a subscriber account can exploit this flaw to view sensitive invoices by simply guessing the order ID and invoice ID, potentially exposing private financial information.",Wordpress,"WooCommerce PDF Invoice Builder, Create invoices, packing slips and more",4.3,MEDIUM,0.00044999999227002263,false,,false,false,false,,false,false,2023-08-31T06:15:00.000Z,0