What the vulnerability does
01Description
Unauthenticated Sensitive Data Exposure in WooCommerce PDF Invoices, Packing Slips, Delivery Notes and Shipping Labels <= 4.9.4 versions.
CVSS base score
CVSS vector
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
What the vulnerability does
Unauthenticated Sensitive Data Exposure in WooCommerce PDF Invoices, Packing Slips, Delivery Notes and Shipping Labels <= 4.9.4 versions.
Explanation of Vulnerability in Simple Terms
The WooCommerce PDF Invoices, Packing Slips, Delivery Notes and Shipping Labels plugin through version 4.9.4 exposes sensitive data without proper access controls. An attacker can read confidential information such as invoice details, customer data, or shipping information by making direct requests to the plugin. No authentication or user interaction is required.
What an attacker can do
Read sensitive invoice, customer, and shipping data without authentication.
Potential impact on your site
Customer invoices, addresses, and order details may be exposed to unauthorized parties.
Conditions required to exploit
Network access to the site; no authentication or user interaction required.
Key dates
External resources
Related vulnerabilities