6 matches found
CVE-2026-9612
The WhatsOrder – Instant Checkout for WooCommerce plugin for WordPress is vulnerable to Sensitive Information Exposure in all versions up to, and including, 1.0.1 via the yapacdevgenerateorderpdf. This makes it possible for unauthenticated attackers to extract sensitive customer PII and order...
CVE-2026-9612 WhatsOrder <= 1.0.1 - Unauthenticated Sensitive Information Exposure via Predictable Invoice File URLs
The WhatsOrder – Instant Checkout for WooCommerce plugin for WordPress is vulnerable to Sensitive Information Exposure in all versions up to, and including, 1.0.1 via the yapacdevgenerateorderpdf. This makes it possible for unauthenticated attackers to extract sensitive customer PII and order...
CVE-2026-2343 PeproDev Ultimate Invoice <= 2.2.5 - Unauthenticated Invoice Archive Download
The PeproDev Ultimate Invoice WordPress plugin through 2.2.5 has a bulk download invoices action that generates ZIP archives containing exported invoice PDFs. The ZIP files are named predictably making it possible to brute force and retreive PII...
EUVD-2024-54168
Malicious code in bioql PyPI...
CVE-2024-13640
The Print Invoice & Delivery Notes for WooCommerce plugin for WordPress is vulnerable to Sensitive Information Exposure in all versions up to, and including, 5.4.1 via the 'wcdn/invoice' directory. This makes it possible for unauthenticated attackers to extract sensitive data stored insecurely in...
CVE-2024-13640
The Print Invoice & Delivery Notes for WooCommerce plugin for WordPress is vulnerable to Sensitive Information Exposure in all versions up to, and including, 5.4.1 via the 'wcdn/invoice' directory. This makes it possible for unauthenticated attackers to extract sensitive data stored insecurely in...