79 matches found
EUVD-2026-28517
Kimai has an arbitrary file read in its invoice PDF renderer admin...
GHSA-H5FH-7HWR-97MW Kimai has an arbitrary file read in its invoice PDF renderer (admin)
Summary Users with the role System-Admin ROLESYSTEADMIN and the permission uploadinvoicetemplate can upload PDF invoice templates, which can call pdfContext.setOption'associatedfiles', ... inside the sandboxed Twig render. This is forwarded to mPDF's SetAssociatedFiles, whose writer calls...
CVE-2023-4161
The WooCommerce PDF Invoice Builder for WordPress is vulnerable to Cross-Site Request Forgery due to a missing nonce check on the SaveCustomField function in versions up to, and including, 1.2.90. This makes it possible for unauthenticated attackers to create invoice fields provided they can tric...
CVE-2023-4245
The WooCommerce PDF Invoice Builder for WordPress is vulnerable to unauthorized access of data due to a missing capability check on the GetInvoiceDetail function in versions up to, and including, 1.2.89. This makes it possible for subscribers to view arbitrary invoices provided they can guess the...
CVE-2023-4160
The WooCommerce PDF Invoice Builder plugin for WordPress is vulnerable to Stored Cross-Site Scripting via admin settings in versions up to, and including, 1.2.90 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with administrator-leve...
CVE-2025-60083
Deserialization of Untrusted Data vulnerability in add-ons.org PDF Invoice Builder for WooCommerce pdf-for-woocommerce allows Object Injection. This issue affects PDF Invoice Builder for WooCommerce: from n/a through <= 6.5.0...
CVE-2025-60083 WordPress PDF Invoice Builder for WooCommerce plugin <= 6.5.0 - Deserialization of untrusted data vulnerability
Deserialization of Untrusted Data vulnerability in add-ons.org PDF Invoice Builder for WooCommerce pdf-for-woocommerce allows Object Injection. This issue affects PDF Invoice Builder for WooCommerce: from n/a through <= 6.5.0...
CVE-2025-60083
CVE-2025-60083 affects the WordPress plugin “PDF Invoice Builder for WooCommerce” (WordPress/WooCommerce). Connected sources confirm a deserialization of untrusted data vulnerability that allows object injection in versions up to 6.3.2 (other references discuss related versions up to 6.5.0). The ...
CVE-2025-60083 WordPress PDF Invoice Builder for WooCommerce plugin <= 6.5.0 - Deserialization of untrusted data vulnerability
Deserialization of Untrusted Data vulnerability in add-ons.org PDF Invoice Builder for WooCommerce pdf-for-woocommerce allows Object Injection. This issue affects PDF Invoice Builder for WooCommerce: from n/a through <= 6.5.0...
WordPress plugin PDF Invoice Builder for WooCommerce security vulnerability
WordPress and WordPress plugin are both products of the WordPress Foundation. WordPress is a blogging platform developed using the PHP language. The platform has the ability to set up a personal blog site on a PHP and MySQL based server. WordPress plugin is an application plugin. A security...
WordPress WooCommerce PDF Invoice Builder plugin missing license vulnerability
WordPress WooCommerce PDF Invoice Builder plugin is designed for WooCommerce e-commerce platform invoice and packing slip generation tool, support customized templates, multi-language, conditional generation and other features, to help merchants create professional documents in line with the bran...
WordPress WooCommerce PDF Invoice Builder plugin <= 1.2.150 - Broken Access Control vulnerability
Broken Access Control vulnerability discovered by Nguyen Tran Tuan Dung domiee13 in WordPress Plugin WooCommerce PDF Invoice Builder versions <= 1.2.150...
EUVD-2025-163778
Missing Authorization vulnerability in EDGARROJAS WooCommerce PDF Invoice Builder woo-pdf-invoice-builder allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects WooCommerce PDF Invoice Builder: from n/a through <= 1.2.150...
CVE-2025-64269
Missing Authorization vulnerability in EDGARROJAS WooCommerce PDF Invoice Builder woo-pdf-invoice-builder allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects WooCommerce PDF Invoice Builder: from n/a through <= 1.2.150...
CVE-2025-64269 WordPress WooCommerce PDF Invoice Builder plugin <= 1.2.150 - Broken Access Control vulnerability
Missing Authorization vulnerability in EDGARROJAS WooCommerce PDF Invoice Builder woo-pdf-invoice-builder allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects WooCommerce PDF Invoice Builder: from n/a through <= 1.2.150...
CVE-2025-64269
The CVE-2025-64269 entry pertains to the WordPress plugin WooCommerce PDF Invoice Builder (plugin versions
CVE-2025-64269 WordPress WooCommerce PDF Invoice Builder plugin <= 1.2.150 - Broken Access Control vulnerability
Missing Authorization vulnerability in EDGARROJAS WooCommerce PDF Invoice Builder woo-pdf-invoice-builder allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects WooCommerce PDF Invoice Builder: from n/a through <= 1.2.150...
PT-2025-46803
Name of the Vulnerable Software and Affected Versions: WooCommerce PDF Invoice Builder versions through 1.2.150. Description: The software contains a flaw related to incorrectly configured access control security levels, potentially allowing unauthorized access. The issue impacts the WooCommerce PDF...
EUVD-2023-54116
Malicious code in bioql PyPI...
EUVD-2023-50337
Malicious code in bioql PyPI...