Description

woocommerce-pdf-invoices-packing-slips is an extension which allows users to create, print & automatically email PDF invoices & packing slips for WooCommerce orders. This vulnerability allows unauthorized users to access any PDF document from a store if they: 1. Have access to a guest document link and 2. Replace the URL variable `my-account` with `bulk`. The issue occurs when: 1. The store's document access is set to "guest." and 2. The user is logged out. This vulnerability compromises the confidentiality of sensitive documents, affecting all stores using the plugin with the guest access option enabled. This issue has been addressed in version 4.0.0 and all users are advised to upgrade. There are no known workarounds for this vulnerability.

INFO

Published Date :

2025-02-04T18:45:51.078Z

Last Modified :

2025-02-12T20:51:28.697Z

Source :

GitHub_M
AFFECTED PRODUCTS

The following products are affected by CVE-2025-24373 vulnerability.

Vendors Products
Wpovernight
  • Woocommerce Pdf Invoices\& Packing Slips
REFERENCES

Here, you will find a curated list of external links that provide in-depth information to CVE-2025-24373.

URL Resource
https://github.com/wpovernight/woocommerce-pdf-invoices-packing-slips/commit/6daeff87f8a7f941f0f7cf4637f41d22c4428c30 cve-icon cve-icon
https://github.com/wpovernight/woocommerce-pdf-invoices-packing-slips/security/advisories/GHSA-3j9m-cp35-94fr cve-icon cve-icon
Login to claim this CVE

CVSS Vulnerability Scoring System

Detailed values of each vector for above chart.
Attack Vector
Attack Complexity
Attack Requirements
Privileges Required
User Interaction
VS Confidentiality
VS Integrity
VS Availability
SS Confidentiality
SS Integrity
SS Availability
Detailed values of each vector for above chart.
Attack Vector
Attack Complexity
Privileges Required
User Interaction
Scope
Confidentiality Impact
Integrity Impact
Availability Impact