The Print Invoice & Delivery Notes for WooCommerce WordPress plugin prior to 4.7.2 is vulnerable to reflected XSS by echoing a GET value in an admin note within the WooCommerce orders page. This means that this vulnerability can be exploited for users with the edit_others_shop_orders capability. WooCommerce must be installed and active. This vulnerability is caused by a urldecode() after cleanup with esc_url_raw(), allowing double encoding.
Vulnerable Product | Search on Vulmon | Subscribe to Product |
---|---|---|
tychesoftwares print invoice \\& delivery notes for woocommerce |