Vulnerability Details: Reflected Cross-Site Scripting (XSS) in WooCommerce PDF Invoices, Packing Slips, Delivery Notes & Shipping Labels
Yesterday the plugin WooCommerce PDF Invoices, Packing Slips, Delivery Notes & Shipping Labels came onto our radar when it got flagged by our proactive monitoring of changes being made to WordPress plugins to try to catch serious vulnerabilities when they are introduced into plugins. While it turned out the plugin was not vulnerable due to what was flagged, we noticed that the plugin was closed on the Plugin Directory and that general security changes had just been made to the plugin. Since then the plugin has been reopened. There were not any obvious major security issues that we saw in glancing over the changes made, so we ran the version of the plugin prior to the changes through our Plugin Security Checker to see if it identified any issues, and it found a reflected cross-site scripting (XSS) vulnerability.
...
This post provides insights on a vulnerability in the WordPress plugin WooCommerce PDF Invoices, Packing Slips, Delivery Notes & Shipping Labels not discovered by us, where the discoverer hadn't provided the details needed for us to confirm the vulnerability while we were adding it to the data set for our service, so the rest of its contents are limited to subscribers of our service.