PT-2025-10412 · WordPress · Print Invoice & Delivery Notes For Woocommerce
Tim Coen
·
Published
2025-03-08
·
Updated
2025-03-08
·
CVE-2024-13640
CVSS v3.1
5.9
Medium
| Vector | AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N |
Name of the Vulnerable Software and Affected Versions
Print Invoice & Delivery Notes for WooCommerce plugin for WordPress versions up to and including 5.4.1
Description
The issue allows unauthenticated attackers to extract sensitive data stored insecurely in the /wp-content/uploads/wcdn/invoice directory. This directory can contain invoice files if an email attachment setting is enabled. The sensitive information exposure occurs via the 'wcdn/invoice' directory.
Recommendations
For versions up to and including 5.4.1, update to a version later than 5.4.1 to resolve the issue. As a temporary workaround, consider restricting access to the /wp-content/uploads/wcdn/invoice directory to minimize the risk of exploitation. Avoid using the email attachment setting in the affected plugin until the issue is resolved.
Fix
Information Disclosure
Found an issue in the description? Have something to add? Feel free to write us 👾
Weakness Enumeration
Related Identifiers
Affected Products
Print Invoice & Delivery Notes For Woocommerce