CVE-2025-13773

by Fred · 24/12/2025

The Print Invoice & Delivery Notes for WooCommerce plugin for WordPress is vulnerable to Remote Code Execution in all versions up to, and including, 5.8.0 via the ‘WooCommerce_Delivery_Notes::update’ function. This is due to missing capability check in the ‘WooCommerce_Delivery_Notes::update’ function, PHP enabled in Dompdf, and missing escape in the ‘template.php’ file. This makes it possible for unauthenticated attackers to execute code on the server.

More information : https://plugins.trac.wordpress.org/browser/woocommerce-delivery-notes/tags/5.8.0/includes/class-woocommerce-delivery-notes.php#L347

CVE-2025-13773

Similar

Recent Posts

Categories

CVE-2025-13773

Share this:

Similar

Recent Posts

Categories

Tags