Lucene search
K
Database
Vendors
Products
Years
CVSS
Scanner
Agent Scanning
API Scanning
Manual Audit
Perimeter Scanner
Scanning
Projects
Email
Webhook
Plugins
Resources
Documents
Blog
Glossary
FAQ
Pricing
Contacts
About Us
Partners
Branding Guideline

Wpovernight Security Vulnerabilities

cve
cve

CVE-2024-3045

The PDF Invoices & Packing Slips for WooCommerce plugin for WordPress is vulnerable to Stored Cross-Site Scripting via several parameters in versions up to, and including, 3.8.0 due to insufficient input sanitization and output escaping. This makes it possible for unauthenticated attackers to...

7.2CVSS

6AI Score

0.001EPSS

2024-05-02 05:15 PM
22
cve
cve

CVE-2024-3047

The PDF Invoices & Packing Slips for WooCommerce plugin for WordPress is vulnerable to Server-Side Request Forgery in versions up to, and including, 3.8.0 via the transform() function. This can allow unauthenticated attackers to make web requests to arbitrary locations originating from the web...

7.2CVSS

6.7AI Score

0.0005EPSS

2024-05-02 05:15 PM
22
cve
cve

CVE-2024-22147

Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in WP Overnight PDF Invoices & Packing Slips for WooCommerce.This issue affects PDF Invoices & Packing Slips for WooCommerce: from n/a through...

7.6CVSS

7.5AI Score

0.001EPSS

2024-01-27 12:15 AM
21
cve
cve

CVE-2022-47148

Cross-Site Request Forgery (CSRF) vulnerability in WP Overnight PDF Invoices & Packing Slips for WooCommerce plugin <= 3.2.5 leading to popup...

4.3CVSS

4.7AI Score

0.0005EPSS

2023-03-01 03:15 PM
12
cve
cve

CVE-2023-34170

Auth. (admin+) Stored Cross-Site Scripting (XSS) vulnerability in WP Overnight Quick/Bulk Order Form for WooCommerce plugin <= 3.5.7...

5.9CVSS

4.9AI Score

0.0005EPSS

2023-06-22 03:15 PM
10
cve
cve

CVE-2022-2537

The WooCommerce PDF Invoices & Packing Slips WordPress plugin before 3.0.1 does not sanitise and escape some parameters before outputting them back in an attributes of an admin page, leading to Reflected Cross-Site...

6.1CVSS

6.1AI Score

0.001EPSS

2022-08-29 06:15 PM
83
4
cve
cve

CVE-2022-2092

The WooCommerce PDF Invoices & Packing Slips WordPress plugin before 2.16.0 doesn't escape a parameter on its setting page, making it possible for attackers to conduct reflected cross-site scripting...

6.1CVSS

5.9AI Score

0.001EPSS

2022-07-11 01:15 PM
36
4
cve
cve

CVE-2021-24991

The WooCommerce PDF Invoices & Packing Slips WordPress plugin before 2.10.5 does not escape the tab and section parameters before outputting it back in an attribute, leading to a Reflected Cross-Site Scripting in the admin...

4.8CVSS

5.1AI Score

0.001EPSS

2022-01-03 01:15 PM
26
cve
cve

CVE-2017-18506

The woocommerce-pdf-invoices-packing-slips plugin before 2.0.13 for WordPress has XSS via the tab or section variable on settings...

6.1CVSS

6AI Score

0.001EPSS

2019-08-12 03:15 PM
26