Stored XSS Vulnerability in PDF Invoices for WooCommerce by add-ons.org
CVE-2025-24755

6.5MEDIUM

Key Information:

Vendor: WordPress
Status: PDF Invoices For WooCommerce + Drag And Drop Template Builder
Vendor: CVE Published:; 24 January 2025

What is CVE-2025-24755?

A Stored XSS vulnerability exists in the PDF Invoices for WooCommerce + Drag and Drop Template Builder plugin developed by add-ons.org. This flaw allows an attacker to inject malicious scripts that can be stored and executed within the web application. As a result, users accessing affected versions may inadvertently execute these scripts, compromising their sessions and sensitive data. This vulnerability impacts versions from n/a through 4.6.0. Secure your site by updating to the recommended version and reviewing best practices for preventing XSS attacks.

Affected Version(s)

PDF Invoices for WooCommerce + Drag and Drop Template Builder <= 4.6.0

References

https://patchstack.com/database/wordpress/plugin/pdf-for-...

vdb-entry

CVSS V3.1

Score:

6.5

Severity:

MEDIUM

Confidentiality:

Low

Integrity:

Low

Availability:

Low

Attack Vector:

Network

Attack Complexity:

Low

Privileges Required:

Low

User Interaction:

Required

Scope:

Changed

Download the Critical Vulnerability Management Cheat Sheet

Timeline

Vulnerability published
Jan 24, 2025
Vulnerability Reserved
Jan 23, 2025

Credit

theviper17 (Patchstack Alliance)