CVE-2024-3047

Name of the Vulnerable Software and Affected Versions PDF Invoices & Packing Slips for WooCommerce plugin for WordPress versions up to, and including, 3.8.0

Description The issue allows unauthenticated attackers to make web requests to arbitrary locations originating from the web application. This can be used to query and modify information from internal services via the transform() function.

Recommendations For versions up to, and including, 3.8.0, update to a version later than 3.8.0 to resolve the issue. As a temporary workaround, consider disabling the transform() function until a patch is available.