The WooCommerce PDF Invoices & Packing Slips WordPress plugin before 2.16.0 doesn’t escape a parameter on its setting page, making it possible for attackers to conduct reflected cross-site scripting attacks.
CPE | Name | Operator | Version |
---|---|---|---|
woocommerce_pdf_invoices\\&_packing_slips | lt | 2.16.0 |