Really Simple Security logo

Log out
Get PRO

Latest

Input validation vulnerability in PDF Invoices for WooCommerce + Drag and Drop Template Builder 4.6.0

  • Severity: medium-risk
  • Status: Fixed
  • Publication: January 24, 2025

A plugin used in WordPress, called PDF Invoices for WooCommerce + Drag and Drop Template Builder, has a security issue that allows unauthorized users to inject harmful web scripts into pages. This can happen in versions up to 4.6.0 because the plugin does not properly clean up user input and output. This means that attackers with a certain level of access can add code that will run when someone visits the page.

Detected in:

PDF Builder for WooCommerce – Invoices – Packing Slips – Delivery Notes – Shipping Labels – Cart PDF – Voucher PDF – Catalog PDF fixed vulnerable versions:
PDF Builder for WooCommerce – Invoices – Packing Slips – Delivery Notes – Shipping Labels – Cart PDF – Voucher PDF – Catalog PDF – ALL in One fixed vulnerable versions:
PDF for WooCommerce – ALL in One + Drag And Drop Template Builder fixed vulnerable versions:
PDF Invoice Builder for WooCommerce – Packing Slips – Delivery Notes – Shipping Labels fixed vulnerable versions:
PDF Invoices for WooCommerce + Drag and Drop Template Builder fixed vulnerable versions: >= * <= 4.6.0

This information is sourced from www.wpvulnerability.com. An open-source database of vulnerabilities maintained by the community. Help us out by submitting vulnerabilities!

Version compare shows which versions have a vulnerability. For example: >= 2.2.8 <= 2.2.21 means:

> from 2.2.8
= including 2.2.8 & 2.2.21
< to 2.2.21

  • Incorrect?

Is this information incorrect? Please leave us a message.