3 matches found
CVE-2026-9612
The CVE-2026-9612 entry concerns the WhatsOrder – Instant Checkout for WooCommerce plugin for WordPress. Affects versions up to 1.0.1 and is caused by the yapacdev_generate_order_pdf function, which exposes sensitive customer PII and order details. Attack flow: an unauthenticated user can enumera...
PT-2026-51696
Name of the Vulnerable Software and Affected Versions WhatsOrder – Instant Checkout for WooCommerce versions prior to 1.0.2 Description The plugin is susceptible to sensitive information exposure through the yapacdev generate order pdf function. Unauthenticated attackers can extract personally...
CVE-2024-13640 Print Invoice & Delivery Notes for WooCommerce <= 5.4.1 - Unauthenticated Sensitive Information Exposure Through Unprotected Directory
The Print Invoice & Delivery Notes for WooCommerce plugin for WordPress is vulnerable to Sensitive Information Exposure in all versions up to, and including, 5.4.1 via the 'wcdn/invoice' directory. This makes it possible for unauthenticated attackers to extract sensitive data stored insecurely in...