漏洞描述
PDF Invoices & Packing Slips for WooCommerce是WP Overnight开源的一个为 WooCommerce 订单创建、打印和自动发送 PDF 发票的工具。 PDF Invoices & Packing Slips for WooCommerce 4.0.0之前版本存在信息泄露漏洞,该漏洞源于允许未经授权的用户访问商店中的任何PDF文档。
PDF Invoices & Packing Slips for WooCommerce 信息泄露漏洞
PoC代码
暂无相关漏洞推荐
- WordPress Drag and Drop Multiple File Upload for WooCommerce dnd_codedropz_upload_wc 文件上传漏洞(CVE-2025-4403)
- POC wp-woocommerce-admin-fpd: WordPress Plugin WooCommerce Admin (woocommerce-admin) Full Path Disclosure
- POC CVE-2024-4455: YITH WooCommerce Ajax Search <= 2.4.0 - Cross-Site Scripting
- POC wp-yith-woocommerce-wishlist-fpd: WordPress YITH WooCommerce Wishlist - Full Path Disclosure
- POC wp-woocommerce-admin-fpd: WordPress Plugin WooCommerce Admin (woocommerce-admin) Full Path Disclosure
- POC CVE-2022-28666: Custom Product Tabs for WooCommerce < 1.7.8 - Unauthenticated Toggle Content Setting Update
- WordPress WooCommerce Designer Pro 插件 /wp-admin/admin-ajax.php wcdp_save_canvas_design_ajax 文件上传漏洞(CVE-2025-6440)
- WordPress Google for WooCommerce /wp-content/plugins/google-listings-and-ads/vendor/googleads/google-ads-php/scripts/print_php_information.php 信息泄露漏洞(CVE-2024-10486)
- Wordpress WooCommerce Ultimate Gift Card /wp-admin/admin-ajax.php mwb_wgm_preview_mail 文件上传漏洞(CVE-2024-8425)
- POC CVE-2023-2986: Abandoned Cart Lite for WooCommerce - Authentication Bypass
- POC CVE-2014-4558: WooCommerce Swipe <= 2.7.1 - Cross-Site Scripting
- POC CVE-2018-5316: WordPress SagePay Server Gateway for WooCommerce <1.0.9 - Cross-Site Scripting
- POC CVE-2021-24169: WordPress Advanced Order Export For WooCommerce <3.1.8 - Authenticated Cross-Site Scripting