CVE-2024-3216

Name of the Vulnerable Software and Affected Versions WooCommerce PDF Invoices, Packing Slips, Delivery Notes and Shipping Labels plugin for WordPress versions up to, and including, 4.4.2

Description The issue allows unauthorized modification of data due to a missing capability check on the wt pklist reset settings() function. This makes it possible for unauthenticated attackers to reset all of the plugin's settings.

Recommendations For versions up to, and including, 4.4.2, update to a version higher than 4.4.2 to resolve the issue. As a temporary workaround, consider disabling the wt pklist reset settings() function until a patch is available.