Vulnerabilities > Wpovernight

DATE CVE VULNERABILITY TITLE RISK
2024-10-23 CVE-2024-9927 Improper Authentication vulnerability in Wpovernight Woocommerce Order Proposal
The WooCommerce Order Proposal plugin for WordPress is vulnerable to privilege escalation via order proposal in all versions up to and including 2.0.5.
network
low complexity
wpovernight CWE-287
7.2
2024-01-27 CVE-2024-22147 Unspecified vulnerability in Wpovernight Woocommerce PDF Invoices& Packing Slips
Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in WP Overnight PDF Invoices & Packing Slips for WooCommerce.This issue affects PDF Invoices & Packing Slips for WooCommerce: from n/a through 3.7.5.
network
low complexity
wpovernight
7.2
2023-06-22 CVE-2023-34170 Unspecified vulnerability in Wpovernight Download Quick/Bulk Order Form for Woocommerce
Auth.
network
low complexity
wpovernight
4.8
2023-03-01 CVE-2022-47148 Cross-Site Request Forgery (CSRF) vulnerability in Wpovernight Woocommerce PDF Invoices& Packing Slips
Cross-Site Request Forgery (CSRF) vulnerability in WP Overnight PDF Invoices & Packing Slips for WooCommerce plugin <= 3.2.5 leading to popup dismiss.
network
low complexity
wpovernight CWE-352
4.3
2022-08-29 CVE-2022-2537 Unspecified vulnerability in Wpovernight Woocommerce PDF Invoices& Packing Slips
The WooCommerce PDF Invoices & Packing Slips WordPress plugin before 3.0.1 does not sanitise and escape some parameters before outputting them back in an attributes of an admin page, leading to Reflected Cross-Site Scripting.
network
low complexity
wpovernight
6.1
2022-07-11 CVE-2022-2092 Unspecified vulnerability in Wpovernight Woocommerce PDF Invoices& Packing Slips
The WooCommerce PDF Invoices & Packing Slips WordPress plugin before 2.16.0 doesn't escape a parameter on its setting page, making it possible for attackers to conduct reflected cross-site scripting attacks.
network
low complexity
wpovernight
6.1
2022-01-03 CVE-2021-24991 Cross-site Scripting vulnerability in Wpovernight Woocommerce PDF Invoices& Packing Slips
The WooCommerce PDF Invoices & Packing Slips WordPress plugin before 2.10.5 does not escape the tab and section parameters before outputting it back in an attribute, leading to a Reflected Cross-Site Scripting in the admin dashboard
network
low complexity
wpovernight CWE-79
4.8
2019-08-12 CVE-2017-18506 Cross-site Scripting vulnerability in Wpovernight Woocommerce PDF Invoices& Packing Slips
The woocommerce-pdf-invoices-packing-slips plugin before 2.0.13 for WordPress has XSS via the tab or section variable on settings screens.
network
low complexity
wpovernight CWE-79
6.1