漏洞描述
PDF Invoices & Packing Slips for WooCommerce是WP Overnight开源的一个为 WooCommerce 订单创建、打印和自动发送 PDF 发票的工具。 PDF Invoices & Packing Slips for WooCommerce 4.0.0之前版本存在信息泄露漏洞,该漏洞源于允许未经授权的用户访问商店中的任何PDF文档。
PDF Invoices & Packing Slips for WooCommerce 信息泄露漏洞
PoC代码
暂无相关漏洞推荐
- WordPress WooCommerce Designer Pro 插件 /wp-admin/admin-ajax.php wcdp_save_canvas_design_ajax 文件上传漏洞(CVE-2025-6440)
- WordPress Google for WooCommerce /wp-content/plugins/google-listings-and-ads/vendor/googleads/google-ads-php/scripts/print_php_information.php 信息泄露漏洞(CVE-2024-10486)
- Wordpress WooCommerce Ultimate Gift Card /wp-admin/admin-ajax.php mwb_wgm_preview_mail 文件上传漏洞(CVE-2024-8425)
- POC CVE-2023-2986: Abandoned Cart Lite for WooCommerce - Authentication Bypass
- POC CVE-2014-4558: WooCommerce Swipe <= 2.7.1 - Cross-Site Scripting
- POC CVE-2018-5316: WordPress SagePay Server Gateway for WooCommerce <1.0.9 - Cross-Site Scripting
- POC CVE-2021-24169: WordPress Advanced Order Export For WooCommerce <3.1.8 - Authenticated Cross-Site Scripting
- POC CVE-2021-24300: WordPress WooCommerce <1.13.22 - Cross-Site Scripting
- POC CVE-2021-24849: WCFM WooCommerce Multivendor Marketplace < 3.4.12 - SQL Injection
- POC CVE-2021-24940: WordPress Persian Woocommerce <=5.8.0 - Cross-Site Scripting
- POC CVE-2021-24991: WooCommerce PDF Invoices & Packing Slips WordPress Plugin < 2.10.5 - Cross-Site Scripting
- POC CVE-2021-32789: WooCommerce Blocks 2.5 to 5.5 - Unauthenticated SQL Injection
- POC CVE-2022-0149: WooCommerce Stored Exporter WordPress Plugin < 2.7.1 - Cross-Site Scripting