82 matches found
CVE-2023-51486 WordPress WooCommerce PDF Invoice Builder, Create invoices, packing slips and more plugin <= 1.2.101 - Cross Site Request Forgery (CSRF) vulnerability
Cross-Site Request Forgery (CSRF) vulnerability in RedNao WooCommerce PDF Invoice Builder. This issue affects WooCommerce PDF Invoice Builder: from n/a through 1.2.101...
WordPress Plugin WooCommerce PDF Invoice Builder Security Vulnerability
WordPress and WordPress plugin are both products of the WordPress Foundation. WordPress is a blogging platform developed using the PHP language. The platform supports PHP and MySQL servers to set up a personal blog site. WordPress plugin is an application plugin. WordPress Plugin WooCommerce PDF...
WooCommerce PDF Invoice Builder < 1.2.102 - Cross-Site Request Forgery
Description: The WooCommerce PDF Invoice Builder plugin for WordPress is vulnerable to Cross-Site Request Forgery in versions up to, and including, 1.2.101. This is due to missing or incorrect nonce validation in the /pages/invoicelist.php file. This makes it possible for unauthenticated attackers...
WordPress WooCommerce PDF Invoice Builder Plugin <= 1.2.101 is vulnerable to Cross Site Request Forgery (CSRF)
Software: WooCommerce PDF Invoice Builder; Type: Plugin; Vulnerable versions: <= 1.2.101; Fixed in: 1.2.102; OWASP Top 10: A1: Broken Access Control; Classification: Cross Site Request Forgery (CSRF); CVE: CVE-2023-51486; Patch priority: Low; CVSS severity: Low (5.4); Developer: Edgar Rojas; PSID: 0520b4dedf5c; Credits...
CVE-2023-46076
Unauth. Reflected Cross-Site Scripting (XSS) vulnerability in RedNao WooCommerce PDF Invoice Builder, Create invoices, packing slips and more plugin <= 1.2.102 versions...
Cross site scripting
Unauth. Reflected Cross-Site Scripting (XSS) vulnerability in RedNao WooCommerce PDF Invoice Builder, Create invoices, packing slips and more plugin <= 1.2.102 versions...
CVE-2023-46076
CVE-2023-46076 is an unauthenticated reflected XSS in the WooCommerce PDF Invoice Builder plugin for WordPress, affecting versions up to 1.2.102. The vulnerability stems from improper input handling in the plugin, enabling injection of scripts via user-controlled input. Unpatched in 1.2.102, expl...
CVE-2023-46076 WordPress WooCommerce PDF Invoice Builder Plugin <= 1.2.102 is vulnerable to Cross Site Scripting (XSS)
Unauth. Reflected Cross-Site Scripting (XSS) vulnerability in RedNao WooCommerce PDF Invoice Builder, Create invoices, packing slips and more plugin <= 1.2.102 versions...
PT-2023-29828 · WordPress · Rednao Woocommerce Pdf Invoice Builder
Name of the Vulnerable Software and Affected Versions: RedNao WooCommerce PDF Invoice Builder plugin versions 1.2.102 and earlier. Description: The issue is an Unauth. Reflected Cross-Site Scripting (XSS) vulnerability. This means that an attacker can inject malicious scripts into the website,...
WordPress WooCommerce PDF Invoice Builder Plugin <= 1.2.103 is vulnerable to Cross Site Scripting (XSS)
Software: WooCommerce PDF Invoice Builder; Type: Plugin; Vulnerable versions: <= 1.2.103; Fixed in: 1.2.104; OWASP Top 10: A7: Cross-Site Scripting (XSS); Classification: Cross Site Scripting (XSS); CVE: CVE-2023-46076; Patch priority: High; CVSS severity: High (7.1); Developer: Edgar Rojas; PSID: e196625e8b7e; Credits: LEE S...
WooCommerce PDF Invoice Builder < 1.2.91 - Invoice Fields Creation via CSRF
Description: The plugin does not have a CSRF check when creating invoice fields, which could allow attackers to make a logged-in admin perform such an action via a CSRF attack...
CVE-2023-4161
The WooCommerce PDF Invoice Builder for WordPress is vulnerable to Cross-Site Request Forgery due to a missing nonce check on the SaveCustomField function in versions up to, and including, 1.2.90. This makes it possible for unauthenticated attackers to create invoice fields provided they can tric...
CVE-2023-4245
The WooCommerce PDF Invoice Builder for WordPress is vulnerable to unauthorized access of data due to a missing capability check on the GetInvoiceDetail function in versions up to, and including, 1.2.89. This makes it possible for subscribers to view arbitrary invoices provided they can guess the...
CVE-2023-3764
The WooCommerce PDF Invoice Builder plugin for WordPress is vulnerable to Cross-Site Request Forgery in versions up to, and including, 1.2.90. This is due to missing or incorrect nonce validation on the Save function. This makes it possible for unauthenticated attackers to make changes to invoice...
CVE-2023-3677
The WooCommerce PDF Invoice Builder plugin for WordPress is vulnerable to SQL Injection via the pageId parameter in versions up to, and including, 1.2.89 due to insufficient escaping on the user supplied parameter and lack of sufficient preparation on the existing SQL query. This makes it possibl...
SQL injection
The WooCommerce PDF Invoice Builder plugin for WordPress is vulnerable to SQL Injection via the pageId parameter in versions up to, and including, 1.2.89 due to insufficient escaping on the user supplied parameter and lack of sufficient preparation on the existing SQL query. This makes it possibl...
Cross site request forgery (CSRF)
The WooCommerce PDF Invoice Builder plugin for WordPress is vulnerable to Cross-Site Request Forgery in versions up to, and including, 1.2.90. This is due to missing or incorrect nonce validation on the Save function. This makes it possible for unauthenticated attackers to make changes to invoice...
Cross site request forgery (CSRF)
The WooCommerce PDF Invoice Builder for WordPress is vulnerable to Cross-Site Request Forgery due to a missing nonce check on the SaveCustomField function in versions up to, and including, 1.2.90. This makes it possible for unauthenticated attackers to create invoice fields provided they can tric...