PT-2024-16935 · WordPress · Pdf Invoices & Packing Slips Generator For Woocommerce

Dale Mavers

Published

2024-11-22

Updated

2024-11-23

CVE-2024-11361

CVSS v3.1

6.1

Medium

Vector

AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N

Name of the Vulnerable Software and Affected Versions PDF Invoices & Packing Slips Generator for WooCommerce plugin for WordPress versions up to, and including, 2.2.1

Description The issue arises from the use of add query arg without proper escaping on the URL, leading to Reflected Cross-Site Scripting. This allows unauthenticated attackers to inject arbitrary web scripts into pages that execute when a user performs a specific action, such as clicking on a link.

Recommendations For versions up to, and including, 2.2.1, update to a version that fixes the issue with add query arg to prevent Reflected Cross-Site Scripting. As a temporary workaround, consider restricting access to potentially vulnerable pages until a patch is available.

Fix

XSS

Found an issue in the description? Have something to add? Feel free to write us 👾

dbugs@ptsecurity.com

Weakness Enumeration

CWE-79

Related Identifiers

CVE-2024-11361

Affected Products

Pdf Invoices & Packing Slips Generator For Woocommerce

CVE-2024-11361

Weakness Enumeration

Related Identifiers

Affected Products

References · 7