Really Simple Security logo

Log out
Get PRO

Latest

Input validation vulnerability in PDF for WooCommerce – ALL in One + Drag And Drop Template Builder 5.3.8

  • Severity: medium-risk
  • Status: Fixed
  • Publication: May 7, 2025

A popular plugin for WordPress, called PDF Invoices for WooCommerce + Drag and Drop Template Builder, has a security issue that could allow hackers to access sensitive information from the website’s database. This vulnerability is present in versions up to 5.3.8 and is caused by inadequate protection of user-supplied data and insufficient preparation of the existing SQL query. This means that attackers with administrator-level access or higher could add their own queries to the existing ones and retrieve private information.

Detected in:

PDF Builder for WooCommerce – Invoices – Packing Slips – Delivery Notes – Shipping Labels – Cart PDF – Voucher PDF – Catalog PDF fixed vulnerable versions:
PDF Builder for WooCommerce – Invoices – Packing Slips – Delivery Notes – Shipping Labels – Cart PDF – Voucher PDF – Catalog PDF – ALL in One fixed vulnerable versions:
PDF for WooCommerce – ALL in One + Drag And Drop Template Builder fixed vulnerable versions:
PDF Invoice Builder for WooCommerce – Packing Slips – Delivery Notes – Shipping Labels fixed vulnerable versions:
PDF Invoices for WooCommerce + Drag and Drop Template Builder fixed vulnerable versions: >= * <= 5.3.8

This information is sourced from www.wpvulnerability.com. An open-source database of vulnerabilities maintained by the community. Help us out by submitting vulnerabilities!

Version compare shows which versions have a vulnerability. For example: >= 2.2.8 <= 2.2.21 means:

> from 2.2.8
= including 2.2.8 & 2.2.21
< to 2.2.21

  • Incorrect?

Is this information incorrect? Please leave us a message.