What the vulnerability does
01Description
Missing Authorization vulnerability in tychesoftwares Print Invoice & Delivery Notes for WooCommerce woocommerce-delivery-notes allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Print Invoice & Delivery Notes for WooCommerce: from n/a through <= 5.8.0.
Explanation of Vulnerability in Simple Terms
02Summary
The Print Invoice & Delivery Notes for WooCommerce plugin through version 5.8.0 does not properly check user permissions before allowing access to sensitive functions. An unauthenticated attacker can modify or delete invoices and delivery notes without authorization. Site owners should update to a version newer than 5.8.0 immediately.
What an attacker can do
03Attacker Capabilities
Modify or delete invoices and delivery notes without logging in or having permission.
Potential impact on your site
04Site Impact
Attackers can tamper with or destroy invoice records, disrupting order documentation and potentially affecting compliance.
Conditions required to exploit
05Prerequisites
Network access only; no authentication or user interaction required.
Key dates
06Disclosure timeline
February 20, 2026
CVE published
April 28, 2026
Record updated