Print Invoice & Delivery Notes for WooCommerce Sensitive Information Exposure Vulnerability

Vulnerability

A vulnerability allowing sensitive information exposure exists in the Print Invoice & Delivery Notes for WooCommerce plugin, affecting all versions through 5.4.1. The issue arises from an unprotected 'wcdn/invoice' directory, where sensitive data, including invoice files, can be accessed by unauthenticated users. This exposure occurs if the email attachment feature is enabled.

Impact

Exploitation of this vulnerability allows unauthenticated users to access sensitive invoice data stored in an unprotected directory on the server.

Reproduction

To reproduce this vulnerability, enable the email attachment option in the Print Invoice & Delivery Notes for WooCommerce plugin. Afterward, invoices will be saved as PDF files in the '/wp-content/uploads/wcdn/invoice/' directory. An unauthenticated user can then access this directory and download the invoice files, thereby exploiting the vulnerability.

Remediation

Users are advised to update the Print Invoice & Delivery Notes for WooCommerce plugin to version 5.5.0 or later.
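
To check whether invoice files were fetched while the directory was exposed, the web server access log can be searched for successful requests under the '/wp-content/uploads/wcdn/invoice/' path. The Python code below is an added example, not part of the original advisory or the plugin. It assumes the Apache/nginx combined log format, and the sample log lines, client addresses and invoice file names are constructed for illustration.

```python
import re
from collections import defaultdict
from posixpath import normpath
from urllib.parse import unquote

# Directory named in the advisory, relative to the site root.
EXPOSED_DIR = "/wp-content/uploads/wcdn/invoice"

# Apache/nginx "combined" log format (assumption; adjust for custom formats).
LOG_RE = re.compile(
    r'^(?P<ip>\S+) \S+ \S+ \[(?P<ts>[^\]]+)\] '
    r'"(?P<method>[A-Z]+) (?P<target>\S+) [^"]*" (?P<status>\d{3}) '
)

def invoice_hits(lines):
    """Return {client_ip: [(timestamp, path, status), ...]} for GET requests
    under EXPOSED_DIR that the server answered with 200 or 206."""
    hits = defaultdict(list)
    for line in lines:
        m = LOG_RE.match(line)
        if not m or m["method"] != "GET" or m["status"] not in ("200", "206"):
            continue
        # Drop the query string, decode %-escapes, collapse '//' and '..'
        # so that differently written paths compare equal.
        path = unquote(m["target"].split("?", 1)[0])
        path = "/" + normpath(path).lstrip("/")
        lowered = path.lower()
        if lowered == EXPOSED_DIR or lowered.startswith(EXPOSED_DIR + "/"):
            hits[m["ip"]].append((m["ts"], path, m["status"]))
    return dict(hits)

# Constructed sample log lines (documentation IP ranges, made-up file names).
SAMPLE_LOG = [
    '203.0.113.7 - - [09/Jun/2025:10:15:02 +0000] "GET /wp-content/uploads/wcdn/invoice/invoice-1001.pdf HTTP/1.1" 200 48213 "-" "Mozilla/5.0"',
    '203.0.113.7 - - [09/Jun/2025:10:15:09 +0000] "GET /wp-content/uploads/wcdn/invoice/ HTTP/1.1" 403 199 "-" "Mozilla/5.0"',
    '198.51.100.23 - - [09/Jun/2025:11:02:41 +0000] "GET /wp-content/uploads//wcdn/%69nvoice/invoice-1002.pdf?x=1 HTTP/1.1" 206 1024 "-" "curl/8.5.0"',
    '198.51.100.23 - - [09/Jun/2025:11:02:50 +0000] "GET /wp-content/uploads/2025/06/logo.png HTTP/1.1" 200 5120 "-" "curl/8.5.0"',
    '192.0.2.50 - - [09/Jun/2025:11:30:00 +0000] "GET /wp-content/uploads/wcdn/invoice/../../2025/06/logo.png HTTP/1.1" 200 5120 "-" "Mozilla/5.0"',
]

if __name__ == "__main__":
    for ip, rows in invoice_hits(SAMPLE_LOG).items():
        for ts, path, status in rows:
            print(f"{ip}\t{ts}\t{status}\t{path}")
```

A 200 on the directory itself (with no file name) indicates that directory listing was also served; requests answered with 403 or 404 are not reported.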

Added: Jun 9, 2025, 7:46 PM
Updated: Jun 9, 2025, 7:46 PM

Vulnerability Rating

Custom Algorithm
spread: 1.0
impact: 2.5
exploitability: 8.6
remediation: 7.7
relevance: 0.0
threat: 4.8
urgency: 2.9
incentive: 5.8

Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.