Privilege Escalation Vulnerability in WooCommerce PDF Invoices, Packing Slips, Delivery Notes and Shipping Labels
CVE-2023-51546
7.2HIGH
Key Information:
- Vendor
WordPress
- Vendor
- CVE Published:
- 17 May 2024
What is CVE-2023-51546?
The improper privilege management vulnerability in the WebToffee WooCommerce PDF Invoices, Packing Slips, Delivery Notes, and Shipping Labels plugin permits unauthorized escalation of user privileges. This vulnerability can potentially allow attackers to gain access to higher privileges than intended, which could lead to unauthorized actions within the affected systems. The issue impacts versions of the plugin from n/a through 4.2.1, posing a significant risk to web stores utilizing this tool for managing their invoices and shipping documents.
Affected Version(s)
WooCommerce PDF Invoices, Packing Slips, Delivery Notes and Shipping Labels <= 4.2.1