cve,link,title,description,vendor,products,score,severity,epss,cisa,cisa_published,article,ransomware,exploited,poc,trended,trended_no_1,published,trended_score
CVE-2024-11276,https://securityvulnerability.io/vulnerability/CVE-2024-11276,Vulnerability in PDF Builder for WooCommerce Allows Reflected Cross-Site Scripting,"The PDF Builder for WooCommerce. Create invoices,packing slips and more plugin for WordPress is vulnerable to Reflected Cross-Site Scripting via the 'page' parameter in all versions up to, and including, 1.2.136 due to insufficient input sanitization and output escaping. This makes it possible for unauthenticated attackers to inject arbitrary web scripts in pages that execute if they can successfully trick a user into performing an action such as clicking on a link.",Wordpress,"PDF Builder For WooCommerce. Create Invoices,packing Slips And More",6.1,MEDIUM,0.0004600000102072954,false,,false,false,false,,false,false,2024-12-06T08:24:53.619Z,0
CVE-2024-3045,https://securityvulnerability.io/vulnerability/CVE-2024-3045,Stored Cross-Site Scripting Vulnerability in WooCommerce PDF Invoices & Packing Slips Plugin,"The WooCommerce PDF Invoices & Packing Slips plugin for WordPress has a vulnerability that allows for Stored Cross-Site Scripting (XSS) through various parameters. This issue arises from insufficient input sanitization and output escaping in versions up to and including 3.8.0. An unauthenticated attacker can exploit this vulnerability to inject arbitrary web scripts into pages, which will be executed every time a user accesses the affected page.
It is crucial for website owners using this plugin to assess their installations and apply necessary updates to safeguard against such vulnerabilities.",Wordpress,PDF Invoices & Packing Slips For WooCommerce,7.2,HIGH,0.00044999999227002263,false,,false,false,false,,false,false,2024-05-02T16:51:55.493Z,0
CVE-2024-3047,https://securityvulnerability.io/vulnerability/CVE-2024-3047,Server-Side Request Forgery Vulnerability in WooCommerce Invoices Plugin by WordPress,"The PDF Invoices & Packing Slips for WooCommerce plugin for WordPress has a vulnerability that allows for Server-Side Request Forgery (SSRF) due to improper validation in the transform() function. This flaw enables unauthenticated attackers to send web requests to any arbitrary location, which could be exploited to access or modify sensitive information from internal services within the web application. Users of the plugin are advised to update to the latest version to mitigate risks associated with this vulnerability.",Wordpress,PDF Invoices & Packing Slips For WooCommerce,7.2,HIGH,0.0004299999854993075,false,,false,false,false,,false,false,2024-05-02T16:51:50.588Z,0
CVE-2024-3216,https://securityvulnerability.io/vulnerability/CVE-2024-3216,Unauthorized Modification of Data in WooCommerce PDF Invoices Plugin,"The WooCommerce PDF Invoices, Packing Slips, Delivery Notes and Shipping Labels plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the wt_pklist_reset_settings() function in all versions up to, and including, 4.4.2.
This makes it possible for unauthenticated attackers to reset all of the plugin's settings.",Wordpress,"WooCommerce PDF Invoices, Packing Slips, Delivery Notes And Shipping Labels",5.3,MEDIUM,0.0004299999854993075,false,,false,false,false,,false,false,2024-04-06T04:15:00.000Z,0
CVE-2024-0957,https://securityvulnerability.io/vulnerability/CVE-2024-0957,WooCommerce PDF Invoices Plugin Vulnerable to Stored Cross-Site Scripting,"The WooCommerce PDF Invoices, Packing Slips, Delivery Notes and Shipping Labels plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the Customer Notes field in all versions up to, and including, 4.4.1 due to insufficient input sanitization and output escaping. This makes it possible for unauthenticated attackers to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected invoice for printing.",Wordpress,"WooCommerce PDF Invoices, Packing Slips, Delivery Notes And Shipping Labels",6.1,MEDIUM,0.0004299999854993075,false,,false,false,false,,false,false,2024-03-22T02:00:00.179Z,0
CVE-2024-1773,https://securityvulnerability.io/vulnerability/CVE-2024-1773,Vulnerability in PDF Invoices and Packing Slips Plugin Allows PHP Object Injection and File Delete,"The PDF Invoices and Packing Slips for WooCommerce plugin, utilized within WordPress sites, is vulnerable to a PHP Object Injection due to improper handling of the order_id parameter. This vulnerability enables authenticated attackers, including those with subscriber-level access, to inject malicious PHP objects through deserialization of untrusted data.
Although the vulnerable plugin does not create a known PHP Object Injection (POP) chain itself, the presence of additional plugins or themes with their own vulnerabilities could facilitate an attacker in executing arbitrary code, deleting files, or exposing sensitive information.",Wordpress,PDF Invoices And Packing Slips For WooCommerce,8.8,HIGH,0.00044999999227002263,false,,false,false,false,,false,false,2024-03-07T18:49:17.589Z,0
CVE-2023-7068,https://securityvulnerability.io/vulnerability/CVE-2023-7068,Unauthorized Data Access in WooCommerce PDF Invoices Plugin,"The WooCommerce PDF Invoices, Packing Slips, Delivery Notes and Shipping Labels plugin for WordPress has a security flaw that allows authenticated users, starting from subscriber-level access, to bypass authorization checks. This vulnerability arises from a missing capability check on the print_packinglist action. As a consequence, these users can export sensitive order information, potentially leading to unauthorized data exposure. It is critical for users of this plugin to update to the latest version to mitigate this risk.",Wordpress,"WooCommerce PDF Invoices, Packing Slips, Delivery Notes and Shipping Labels",4.3,MEDIUM,0.0006200000061653554,false,,false,false,false,,false,false,2024-01-03T09:15:00.000Z,0
CVE-2023-3677,https://securityvulnerability.io/vulnerability/CVE-2023-3677,SQL Injection Vulnerability in WooCommerce PDF Invoice Builder Plugin for WordPress,"The WooCommerce PDF Invoice Builder plugin for WordPress is susceptible to SQL Injection via the 'pageId' parameter. This vulnerability arises from improper escaping of user-supplied data and inadequate preparation of existing SQL queries.
As a result, users with subscriber permissions or higher can exploit this flaw to inject additional SQL queries into existing ones, potentially allowing unauthorized access to sensitive information stored in the database.",Wordpress,"WooCommerce PDF Invoice Builder, Create invoices, packing slips and more",8.8,HIGH,0.00044999999227002263,false,,false,false,false,,false,false,2023-08-31T06:15:00.000Z,0
CVE-2023-4245,https://securityvulnerability.io/vulnerability/CVE-2023-4245,Unauthorized Data Access Vulnerability in WooCommerce PDF Invoice Builder by WordPress,"The WooCommerce PDF Invoice Builder plugin for WordPress has a vulnerability that allows unauthorized access to invoice data. This is due to a missing capability check in the GetInvoiceDetail function, which affects all versions up to and including 1.2.89. A malicious user with a subscriber account can exploit this flaw to view sensitive invoices by simply guessing the order ID and invoice ID, potentially exposing private financial information.",Wordpress,"WooCommerce PDF Invoice Builder, Create invoices, packing slips and more",4.3,MEDIUM,0.00044999999227002263,false,,false,false,false,,false,false,2023-08-31T06:15:00.000Z,0
CVE-2023-4161,https://securityvulnerability.io/vulnerability/CVE-2023-4161,Cross-Site Request Forgery in WooCommerce PDF Invoice Builder for WordPress,"The WooCommerce PDF Invoice Builder for WordPress has a vulnerability allowing unauthenticated attackers to exploit a missing nonce check in the SaveCustomField function. This flaw enables these attackers to create or modify invoice fields if they can trick an administrator into executing an action, such as clicking on a malicious link.
This vulnerability affects versions of the plugin up to and including 1.2.90, highlighting the importance of implementing nonce checks to prevent unauthorized actions within plugins.",Wordpress,"WooCommerce PDF Invoice Builder, Create invoices, packing slips and more",4.3,MEDIUM,0.00044999999227002263,false,,false,false,false,,false,false,2023-08-31T06:15:00.000Z,0
CVE-2023-4160,https://securityvulnerability.io/vulnerability/CVE-2023-4160,Stored Cross-Site Scripting in WooCommerce PDF Invoice Builder for WordPress,"The WooCommerce PDF Invoice Builder plugin for WordPress is exposed to a Stored Cross-Site Scripting vulnerability due to inadequate input sanitization and output escaping. This flaw allows authenticated attackers with administrator or higher privileges to inject malicious web scripts into pages, which are executed when users access those infected pages. The issue is particularly relevant for multi-site installations and those where unfiltered_html is disabled, heightening the risk of exploitation.",Wordpress,"WooCommerce PDF Invoice Builder, Create invoices, packing slips and more",4.8,MEDIUM,0.0005799999926239252,false,,false,false,false,,false,false,2023-08-31T06:15:00.000Z,0
CVE-2023-3764,https://securityvulnerability.io/vulnerability/CVE-2023-3764,Cross-Site Request Forgery Vulnerability in WooCommerce PDF Invoice Builder Plugin for WordPress,"The WooCommerce PDF Invoice Builder plugin for WordPress presents a Cross-Site Request Forgery vulnerability in all versions up to 1.2.90. This vulnerability arises from inadequate nonce validation during the Save function, allowing malicious actors to exploit this weakness.
By tricking a site administrator into executing a crafted action, unauthorized changes to invoices might occur without the administrator's consent, potentially compromising sensitive financial data.",Wordpress,"WooCommerce PDF Invoice Builder, Create invoices, packing slips and more",4.3,MEDIUM,0.00044999999227002263,false,,false,false,false,,false,false,2023-08-31T06:15:00.000Z,0
CVE-2022-2537,https://securityvulnerability.io/vulnerability/CVE-2022-2537,WooCommerce PDF Invoices & Packing Slips < 3.0.1 - Reflected Cross-Site Scripting,"The WooCommerce PDF Invoices & Packing Slips WordPress plugin before 3.0.1 does not sanitise and escape some parameters before outputting them back in an attributes of an admin page, leading to Reflected Cross-Site Scripting.",Wordpress,WooCommerce PDF Invoices & Packing Slips,6.1,MEDIUM,0.0007600000244565308,false,,false,false,false,,false,false,2022-08-29T17:15:36.000Z,0
CVE-2022-2092,https://securityvulnerability.io/vulnerability/CVE-2022-2092,WooCommerce PDF Invoices & Packing Slips < 2.16.0 - Reflected Cross-Site Scripting,"The WooCommerce PDF Invoices & Packing Slips WordPress plugin before 2.16.0 doesn't escape a parameter on its setting page, making it possible for attackers to conduct reflected cross-site scripting attacks.",Wordpress,WooCommerce PDF Invoices & Packing Slips,6.1,MEDIUM,0.0007600000244565308,false,,false,false,false,,false,false,2022-07-11T12:57:25.000Z,0
CVE-2021-24991,https://securityvulnerability.io/vulnerability/CVE-2021-24991,WooCommerce PDF Invoices & Packing Slips < 2.10.5 - Reflected Cross-Site Scripting,"The WooCommerce PDF Invoices & Packing Slips WordPress plugin before 2.10.5 does not escape the tab and section parameters before outputting it back in an attribute, leading to a Reflected Cross-Site Scripting in the admin dashboard",Wordpress,WooCommerce PDF Invoices & Packing Slips,4.8,MEDIUM,0.0008399999933317304,false,,false,false,false,,false,false,2022-01-03T12:49:10.000Z,0
CVE-2017-18506,https://securityvulnerability.io/vulnerability/CVE-2017-18506,,The woocommerce-pdf-invoices-packing-slips plugin before 2.0.13 for WordPress has XSS via the tab or section variable on settings screens.,Wordpress,WooCommerce PDF Invoices & Packing Slips,6.1,MEDIUM,0.0006900000153109431,false,,false,false,false,,false,false,2019-08-12T14:58:56.000Z,0