CVE-2022-2537

Summary

The WooCommerce PDF Invoices & Packing Slips WordPress plugin before 3.0.1 does not sanitise and escape some parameters before outputting them back in an attributes of an admin page, leading to Reflected Cross-Site Scripting.

Affected Software

VendorProductVersion RangeStatus
UnknownWooCommerce PDF Invoices & Packing Slips2.14.0 < 2.14.0*affected
UnknownWooCommerce PDF Invoices & Packing Slips3.0.1 < 3.0.1affected

Weaknesses

  • CWE-79: CWE-79 Cross-Site Scripting (XSS)

ADP Enrichment

CVE Program Container

Additional References

References