Vulnerabilities > Wpovernight
DATE | CVE | VULNERABILITY TITLE | RISK |
---|---|---|---|
2024-10-23 | CVE-2024-9927 | Improper Authentication vulnerability in Wpovernight Woocommerce Order Proposal The WooCommerce Order Proposal plugin for WordPress is vulnerable to privilege escalation via order proposal in all versions up to and including 2.0.5. | 7.2 |
2024-01-27 | CVE-2024-22147 | Unspecified vulnerability in Wpovernight Woocommerce PDF Invoices& Packing Slips Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in WP Overnight PDF Invoices & Packing Slips for WooCommerce.This issue affects PDF Invoices & Packing Slips for WooCommerce: from n/a through 3.7.5. | 7.2 |
2023-06-22 | CVE-2023-34170 | Unspecified vulnerability in Wpovernight Download Quick/Bulk Order Form for Woocommerce Auth. | 4.8 |
2023-03-01 | CVE-2022-47148 | Cross-Site Request Forgery (CSRF) vulnerability in Wpovernight Woocommerce PDF Invoices& Packing Slips Cross-Site Request Forgery (CSRF) vulnerability in WP Overnight PDF Invoices & Packing Slips for WooCommerce plugin <= 3.2.5 leading to popup dismiss. | 4.3 |
2022-08-29 | CVE-2022-2537 | Unspecified vulnerability in Wpovernight Woocommerce PDF Invoices& Packing Slips The WooCommerce PDF Invoices & Packing Slips WordPress plugin before 3.0.1 does not sanitise and escape some parameters before outputting them back in an attributes of an admin page, leading to Reflected Cross-Site Scripting. | 6.1 |
2022-07-11 | CVE-2022-2092 | Unspecified vulnerability in Wpovernight Woocommerce PDF Invoices& Packing Slips The WooCommerce PDF Invoices & Packing Slips WordPress plugin before 2.16.0 doesn't escape a parameter on its setting page, making it possible for attackers to conduct reflected cross-site scripting attacks. | 6.1 |
2022-01-03 | CVE-2021-24991 | Cross-site Scripting vulnerability in Wpovernight Woocommerce PDF Invoices& Packing Slips The WooCommerce PDF Invoices & Packing Slips WordPress plugin before 2.10.5 does not escape the tab and section parameters before outputting it back in an attribute, leading to a Reflected Cross-Site Scripting in the admin dashboard | 4.8 |
2019-08-12 | CVE-2017-18506 | Cross-site Scripting vulnerability in Wpovernight Woocommerce PDF Invoices& Packing Slips The woocommerce-pdf-invoices-packing-slips plugin before 2.0.13 for WordPress has XSS via the tab or section variable on settings screens. | 6.1 |