CVE-2025-24644

Published Jan 24, 2025

Last updated 7 months ago

CVSS medium 5.9

Overview

Description: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in WebToffee WooCommerce PDF Invoices, Packing Slips, Delivery Notes and Shipping Labels allows Stored XSS. This issue affects WooCommerce PDF Invoices, Packing Slips, Delivery Notes and Shipping Labels: from n/a through 4.7.1.
Source: audit@patchstack.com
NVD status: Analyzed
Products: woocommerce_pdf_invoices\,_packing_slips\,_delivery_notes_and_shipping_labels

Risk scores

CVSS 3.1

Type: Primary
Base score: 4.8
Impact score: 2.7
Exploitability score: 1.7
Vector string: CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:C/C:L/I:L/A:N
Severity: MEDIUM

Weaknesses

audit@patchstack.com: CWE-79

Hype score: Not currently trending

CVE-2025-24644 Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in WebToffee WooCommerce PDF Invoices, Packing Slips, Delivery Note… https://t.co/LnTinZGFoq
@CVEnew
24 Jan 2025
188 Impressions
0 Retweets
0 Likes
0 Bookmarks
0 Replies
0 Quotes

Configurations

[
  {
    "nodes": [
      {
        "negate": false,
        "cpeMatch": [
          {
            "criteria": "cpe:2.3:a:webtoffee:woocommerce_pdf_invoices\\,_packing_slips\\,_delivery_notes_and_shipping_labels:*:*:*:*:*:wordpress:*:*",
            "vulnerable": true,
            "matchCriteriaId": "E5852600-D9B7-4F9B-9876-09EC8F54476B",
            "versionEndExcluding": "4.7.2"
          }
        ],
        "operator": "OR"
      }
    ]
  }
]

References

Sources include official advisories and independent security research.

Overview

Risk scores

CVSS 3.1

Weaknesses

Social media

Configurations

References