14 Dec 2018

Vulnerability Details: Reflected Cross-Site Scripting (XSS) in WooCommerce PDF Invoices, Packing Slips, Delivery Notes & Shipping Labels

Yesterday the plugin WooCommerce PDF Invoices, Packing Slips, Delivery Notes & Shipping Labels came onto our radar when it was flagged by our proactive monitoring of changes being made to WordPress plugins, which tries to catch serious vulnerabilities when they are introduced into plugins. While it turned out the plugin was not vulnerable due to what was flagged, we noticed that the plugin was closed on the Plugin Directory and that general security changes had just been made to the plugin. Since then the plugin has been reopened. We did not see any obvious major security issues when glancing over the changes made, so we ran the version of the plugin prior to the changes through our Plugin Security Checker to see if it identified any issues, and it found a reflected cross-site scripting (XSS) vulnerability.

