Lucene search
PRIOn knowledge basePRION:CVE-2023-7068HistoryJan 03, 2024 - 9:15 a.m.
Information disclosure
2024-01-0309:15:00
PRIOn knowledge base
www.prio-n.com
4
information disclosure
woocommerce
pdf plugin
vulnerability
wordpress
data access
capability check
subscriber level
sensitive information
export orders
The WooCommerce PDF Invoices, Packing Slips, Delivery Notes and Shipping Labels plugin for WordPress is vulnerable to unauthorized access of data due to a missing capability check on theprint_packinglist action in all versions up to, and including, 4.3.0. This makes it possible for authenticated attackers, with subscriber-level access and above, to export orders which can contain sensitive information.
| CPE | Name | Operator | Version |
|---|---|---|---|
| woocommerce_pdf_invoices\\,_packing_slips\\,_delivery_notes_and_shipping_labels | lt | 4.3.1 |
References
plugins.trac.wordpress.org/changeset?sfp_email=&sfph_mail=&reponame=&old=3014977%40print-invoices-packing-slip-labels-for-woocommerce&new=3014977%40print-invoices-packing-slip-labels-for-woocommerce&sfp_email=&sfph_mail=
www.wordfence.com/threat-intel/vulnerabilities/id/5abc282d-68c9-423c-a15c-d4d3f7035661?source=cve
Related
cvelist
cvelist
CVE-2023-7068
2024-01-03 08:29:48
wpvulndb
wpvulndb
WooCommerce PDF Invoices < 4.3.1 - Subscriber+ Arbitrary Order Export
2024-01-03 00:00:00
cve
cve
CVE-2023-7068
2024-01-03 09:15:11
nvd
nvd
CVE-2023-7068
2024-01-03 09:15:11
wordfence
wordfence