The WooCommerce PDF Invoices & Packing Slips WordPress plugin before 3.0.1 does not sanitise and escape some parameters before outputting them back in an attributes of an admin page, leading to Reflected Cross-Site Scripting.
CPE | Name | Operator | Version |
---|---|---|---|
woocommerce_pdf_invoices\\&_packing_slips | ge | 2.14.0 | |
woocommerce_pdf_invoices\\&_packing_slips | lt | 3.0.1 |