CVE-2023-3764
CVE-2023-3764 concerns the WooCommerce PDF Invoice Builder plugin for WordPress. The issue is a Cross-Site Request Forgery (CSRF) vulnerability in the Save function, allowing unauthenticated attackers to trigger changes to invoices if a site admin is tricked into performing an action. Affected ve...
CVE-2023-4160 WooCommerce PDF Invoice Builder <= 1.2.90 - Authenticated (Administrator+) Cross-Site Scripting
The WooCommerce PDF Invoice Builder plugin for WordPress is vulnerable to Stored Cross-Site Scripting via admin settings in versions up to, and including, 1.2.90 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with administrator-leve...
CVE-2023-4161 WooCommerce PDF Invoice Builder <= 1.2.90 - Cross-Site Request Forgery to Custom Field Creation
The WooCommerce PDF Invoice Builder for WordPress is vulnerable to Cross-Site Request Forgery due to a missing nonce check on the SaveCustomField function in versions up to, and including, 1.2.90. This makes it possible for unauthenticated attackers to create invoice fields provided they can tric...
CVE-2023-4161
CVE-2023-4161 concerns the WordPress plugin WooCommerce PDF Invoice Builder. Multiple sources confirm a Cross-Site Request Forgery (CSRF) vulnerability caused by a missing nonce check in the SaveCustomField function, affecting versions up to and including 1.2.90. Unauthenticated attackers could ...
CVE-2023-3677
CVE-2023-3677 affects the WooCommerce PDF Invoice Builder plugin for WordPress (versions
CVE-2023-3677 WooCommerce PDF Invoice Builder <= 1.2.89 - Authenticated (Subscriber+) SQL Injection via Export
The WooCommerce PDF Invoice Builder plugin for WordPress is vulnerable to SQL Injection via the pageId parameter in versions up to, and including, 1.2.89 due to insufficient escaping on the user supplied parameter and lack of sufficient preparation on the existing SQL query. This makes it possibl...
CVE-2023-4245
The CVE-2023-4245 issue affects the WooCommerce PDF Invoice Builder for WordPress (versions up to 1.2.89). Root cause: missing capability check in GetInvoiceDetail, enabling unauthorized access to invoices by subscribers who can guess order and invoice IDs. Impact stated in sources is unauthorize...
CVE-2023-4245 WooCommerce PDF Invoice Builder <= 1.2.89 - Missing Authorization to Sensitive Information Exposure
The WooCommerce PDF Invoice Builder for WordPress is vulnerable to unauthorized access of data due to a missing capability check on the GetInvoiceDetail function in versions up to, and including, 1.2.89. This makes it possible for subscribers to view arbitrary invoices provided they can guess the...
WordPress plugin WooCommerce PDF Invoice Builder SQL Injection Vulnerability
WordPress and WordPress plugin are both products of the WordPress Foundation. WordPress is a blogging platform developed using the PHP language. The platform supports setting up a personal blog site on a PHP and MySQL server. WordPress plugin is an application plugin. WordPress plugin WooCommerce PDF Invoi...
WordPress plugin WooCommerce PDF Invoice Builder Cross-Site Request Forgery Vulnerability
WordPress and WordPress plugin are both products of the WordPress Foundation. WordPress is a blogging platform developed using the PHP language. The platform supports PHP and MySQL servers to set up a personal blog site. WordPress plugin is an application plugin. WordPress plugin WooCommerce PDF...
WordPress plugin WooCommerce PDF Invoice Builder Cross-Site Request Forgery Vulnerability
WordPress and WordPress plugin are both products of the WordPress Foundation. WordPress is a blogging platform developed using the PHP language. The platform supports PHP and MySQL servers to set up a personal blog site. WordPress plugin is an application plugin. WordPress plugin WooCommerce PDF...
PT-2023-28350 · WordPress · Woocommerce Pdf Invoice Builder
Name of the Vulnerable Software and Affected Versions: WooCommerce PDF Invoice Builder for WordPress versions up to, and including, 1.2.89 Description: The issue allows unauthorized access to data due to a missing capability check on the GetInvoiceDetail function. This makes it possible for...
PT-2023-26055 · WordPress · Woocommerce Pdf Invoice Builder
Name of the Vulnerable Software and Affected Versions: WooCommerce PDF Invoice Builder plugin for WordPress versions up to, and including, 1.2.90 Description: The issue is related to Cross-Site Request Forgery due to missing or incorrect nonce validation on the Save function. This allows...
WordPress WooCommerce PDF Invoice Builder Plugin <= 1.2.91 is vulnerable to Broken Access Control
Software: WooCommerce PDF Invoice Builder; Type: Plugin; Vulnerable versions: <= 1.2.91; Fixed in: 1.2.92; OWASP Top 10: A5: Broken Access Control; Classification: Broken Access Control; CVE: CVE-2023-4245; Patch priority: Low; CVSS severity: Low 4.3; Developer: Edgar Rojas; PSID: f1eb4f613ca1; Credits: Marco Wotschka...
WordPress WooCommerce PDF Invoice Builder Plugin <= 1.2.90 is vulnerable to Cross Site Scripting (XSS)
Software: WooCommerce PDF Invoice Builder; Type: Plugin; Vulnerable versions: <= 1.2.90; Fixed in: 1.2.91; OWASP Top 10: A7: Cross-Site Scripting XSS; Classification: Cross Site Scripting XSS; CVE: CVE-2023-4160; Patch priority: Low; CVSS severity: Low 5.9; Developer: Edgar Rojas; PSID: 27b991f0b0a1; Credits: Marco...
WordPress WooCommerce PDF Invoice Builder Plugin <= 1.2.90 is vulnerable to Cross Site Request Forgery (CSRF)
Software: WooCommerce PDF Invoice Builder; Type: Plugin; Vulnerable versions: <= 1.2.90; Fixed in: 1.2.91; OWASP Top 10: A5: Broken Access Control; Classification: Cross Site Request Forgery CSRF; CVE: CVE-2023-4161; Patch priority: Low; CVSS severity: Low 4.3; Developer: Edgar Rojas; PSID: 9cbed5bb67a7; Credits: Marco...
WordPress WooCommerce PDF Invoice Builder Plugin <= 1.2.89 is vulnerable to SQL Injection
Software: WooCommerce PDF Invoice Builder; Type: Plugin; Vulnerable versions: <= 1.2.89; Fixed in: 1.2.90; OWASP Top 10: A3: Injection; Classification: SQL Injection; CVE: CVE-2023-3677; Patch priority: High; CVSS severity: High 8.5; Developer: Edgar Rojas; PSID: 2cec7ed323a9; Credits: Marco Wotschka; Required privilege...
WordPress WooCommerce PDF Invoice Builder Plugin <= 1.2.90 is vulnerable to Cross Site Request Forgery (CSRF)
Software: WooCommerce PDF Invoice Builder; Type: Plugin; Vulnerable versions: <= 1.2.90; Fixed in: 1.2.91; OWASP Top 10: A1: Broken Access Control; Classification: Cross Site Request Forgery CSRF; CVE: CVE-2023-3764; Patch priority: Low; CVSS severity: Low 4.3; Developer: Edgar Rojas; PSID: 32ad6bbe40fc; Credits: Marco...
Semrush: Lack of sanitization of the billing address in pdf invoice
A vulnerability in the invoice PDF generation allowed HTML code injection due to insufficient sanitization of billing address data. An internal review found no evidence of exploitation...