Vulnerabilities (CVE)

Filtered by vendor Wpovernight Subscribe
Total 8 CVE
CVE Vendors Products Updated CVSS v2 CVSS v3
CVE-2024-22147 1 Wpovernight 1 Woocommerce Pdf Invoices\& Packing Slips 2024-11-21 N/A 7.6 HIGH
Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in WP Overnight PDF Invoices & Packing Slips for WooCommerce.This issue affects PDF Invoices & Packing Slips for WooCommerce: from n/a through 3.7.5.
CVE-2023-34170 1 Wpovernight 1 Download Quick\/bulk Order Form For Woocommerce 2024-11-21 N/A 5.9 MEDIUM
Auth. (admin+) Stored Cross-Site Scripting (XSS) vulnerability in WP Overnight Quick/Bulk Order Form for WooCommerce plugin <= 3.5.7 versions.
CVE-2022-47148 1 Wpovernight 1 Woocommerce Pdf Invoices\& Packing Slips 2024-11-21 N/A 4.3 MEDIUM
Cross-Site Request Forgery (CSRF) vulnerability in WP Overnight PDF Invoices & Packing Slips for WooCommerce plugin <= 3.2.5 leading to popup dismiss.
CVE-2022-2537 1 Wpovernight 1 Woocommerce Pdf Invoices\& Packing Slips 2024-11-21 N/A 6.1 MEDIUM
The WooCommerce PDF Invoices & Packing Slips WordPress plugin before 3.0.1 does not sanitise and escape some parameters before outputting them back in an attributes of an admin page, leading to Reflected Cross-Site Scripting.
CVE-2022-2092 1 Wpovernight 1 Woocommerce Pdf Invoices\& Packing Slips 2024-11-21 4.3 MEDIUM 6.1 MEDIUM
The WooCommerce PDF Invoices & Packing Slips WordPress plugin before 2.16.0 doesn't escape a parameter on its setting page, making it possible for attackers to conduct reflected cross-site scripting attacks.
CVE-2021-24991 1 Wpovernight 1 Woocommerce Pdf Invoices\& Packing Slips 2024-11-21 3.5 LOW 4.8 MEDIUM
The WooCommerce PDF Invoices & Packing Slips WordPress plugin before 2.10.5 does not escape the tab and section parameters before outputting it back in an attribute, leading to a Reflected Cross-Site Scripting in the admin dashboard
CVE-2017-18506 1 Wpovernight 1 Woocommerce Pdf Invoices\& Packing Slips 2024-11-21 4.3 MEDIUM 6.1 MEDIUM
The woocommerce-pdf-invoices-packing-slips plugin before 2.0.13 for WordPress has XSS via the tab or section variable on settings screens.
CVE-2024-9927 1 Wpovernight 1 Woocommerce Order Proposal 2024-10-25 N/A 7.2 HIGH
The WooCommerce Order Proposal plugin for WordPress is vulnerable to privilege escalation via order proposal in all versions up to and including 2.0.5. This is due to the improper implementation of allow_payment_without_login function. This makes it possible for authenticated attackers, with Shop Manager-level access and above, to log in to WordPress as an arbitrary user account, including administrators.