Vulnerability Details CVE-2023-0479
The Print Invoice & Delivery Notes for WooCommerce WordPress plugin before 4.7.2 is vulnerable to reflected XSS by echoing a GET value in an admin note within the WooCommerce orders page. This means that this vulnerability can be exploited for users with the edit_others_shop_orders capability. WooCommerce must be installed and active. This vulnerability is caused by a urldecode() after cleanup with esc_url_raw(), allowing double encoding.
Exploit prediction scoring system (EPSS) score
EPSS Score 0.002
EPSS Ranking 46.5%
CVSS Severity
CVSS v3 Score 6.1
References
Products affected by CVE-2023-0479
-
cpe:2.3:a:tychesoftwares:print_invoice_&_delivery_notes_for_woocommerce:2.1
-
cpe:2.3:a:tychesoftwares:print_invoice_&_delivery_notes_for_woocommerce:2.2
-
cpe:2.3:a:tychesoftwares:print_invoice_&_delivery_notes_for_woocommerce:2.3
-
cpe:2.3:a:tychesoftwares:print_invoice_&_delivery_notes_for_woocommerce:3.0
-
cpe:2.3:a:tychesoftwares:print_invoice_&_delivery_notes_for_woocommerce:3.0.3
-
cpe:2.3:a:tychesoftwares:print_invoice_&_delivery_notes_for_woocommerce:3.0.4
-
cpe:2.3:a:tychesoftwares:print_invoice_&_delivery_notes_for_woocommerce:3.0.5
-
cpe:2.3:a:tychesoftwares:print_invoice_&_delivery_notes_for_woocommerce:3.0.6
-
cpe:2.3:a:tychesoftwares:print_invoice_&_delivery_notes_for_woocommerce:3.1
-
cpe:2.3:a:tychesoftwares:print_invoice_&_delivery_notes_for_woocommerce:3.1.1
-
cpe:2.3:a:tychesoftwares:print_invoice_&_delivery_notes_for_woocommerce:3.2
-
cpe:2.3:a:tychesoftwares:print_invoice_&_delivery_notes_for_woocommerce:3.2.1
-
cpe:2.3:a:tychesoftwares:print_invoice_&_delivery_notes_for_woocommerce:3.2.2
-
cpe:2.3:a:tychesoftwares:print_invoice_&_delivery_notes_for_woocommerce:3.2.3
-
cpe:2.3:a:tychesoftwares:print_invoice_&_delivery_notes_for_woocommerce:3.3
-
cpe:2.3:a:tychesoftwares:print_invoice_&_delivery_notes_for_woocommerce:3.3.1
-
cpe:2.3:a:tychesoftwares:print_invoice_&_delivery_notes_for_woocommerce:3.4
-
cpe:2.3:a:tychesoftwares:print_invoice_&_delivery_notes_for_woocommerce:3.4.1
-
cpe:2.3:a:tychesoftwares:print_invoice_&_delivery_notes_for_woocommerce:3.4.2
-
cpe:2.3:a:tychesoftwares:print_invoice_&_delivery_notes_for_woocommerce:4.0
-
cpe:2.3:a:tychesoftwares:print_invoice_&_delivery_notes_for_woocommerce:4.0.1
-
cpe:2.3:a:tychesoftwares:print_invoice_&_delivery_notes_for_woocommerce:4.0.2
-
cpe:2.3:a:tychesoftwares:print_invoice_&_delivery_notes_for_woocommerce:4.1
-
cpe:2.3:a:tychesoftwares:print_invoice_&_delivery_notes_for_woocommerce:4.1.1
-
cpe:2.3:a:tychesoftwares:print_invoice_&_delivery_notes_for_woocommerce:4.1.2
-
cpe:2.3:a:tychesoftwares:print_invoice_&_delivery_notes_for_woocommerce:4.1.3
-
cpe:2.3:a:tychesoftwares:print_invoice_&_delivery_notes_for_woocommerce:4.1.4
-
cpe:2.3:a:tychesoftwares:print_invoice_&_delivery_notes_for_woocommerce:4.1.5
-
cpe:2.3:a:tychesoftwares:print_invoice_&_delivery_notes_for_woocommerce:4.1.6
-
cpe:2.3:a:tychesoftwares:print_invoice_&_delivery_notes_for_woocommerce:4.2.0
-
cpe:2.3:a:tychesoftwares:print_invoice_&_delivery_notes_for_woocommerce:4.3
-
cpe:2.3:a:tychesoftwares:print_invoice_&_delivery_notes_for_woocommerce:4.3.1
-
cpe:2.3:a:tychesoftwares:print_invoice_&_delivery_notes_for_woocommerce:4.3.2
-
cpe:2.3:a:tychesoftwares:print_invoice_&_delivery_notes_for_woocommerce:4.3.3
-
cpe:2.3:a:tychesoftwares:print_invoice_&_delivery_notes_for_woocommerce:4.3.4
-
cpe:2.3:a:tychesoftwares:print_invoice_&_delivery_notes_for_woocommerce:4.3.4.1
-
cpe:2.3:a:tychesoftwares:print_invoice_&_delivery_notes_for_woocommerce:4.3.5
-
cpe:2.3:a:tychesoftwares:print_invoice_&_delivery_notes_for_woocommerce:4.3.6
-
cpe:2.3:a:tychesoftwares:print_invoice_&_delivery_notes_for_woocommerce:4.4
-
cpe:2.3:a:tychesoftwares:print_invoice_&_delivery_notes_for_woocommerce:4.4.1
-
cpe:2.3:a:tychesoftwares:print_invoice_&_delivery_notes_for_woocommerce:4.4.2
-
cpe:2.3:a:tychesoftwares:print_invoice_&_delivery_notes_for_woocommerce:4.4.3
-
cpe:2.3:a:tychesoftwares:print_invoice_&_delivery_notes_for_woocommerce:4.4.4
-
cpe:2.3:a:tychesoftwares:print_invoice_&_delivery_notes_for_woocommerce:4.4.5
-
cpe:2.3:a:tychesoftwares:print_invoice_&_delivery_notes_for_woocommerce:4.4.6
-
cpe:2.3:a:tychesoftwares:print_invoice_&_delivery_notes_for_woocommerce:4.4.7
-
cpe:2.3:a:tychesoftwares:print_invoice_&_delivery_notes_for_woocommerce:4.4.8
-
cpe:2.3:a:tychesoftwares:print_invoice_&_delivery_notes_for_woocommerce:4.4.9
-
cpe:2.3:a:tychesoftwares:print_invoice_&_delivery_notes_for_woocommerce:4.5.0
-
cpe:2.3:a:tychesoftwares:print_invoice_&_delivery_notes_for_woocommerce:4.5.1
-
cpe:2.3:a:tychesoftwares:print_invoice_&_delivery_notes_for_woocommerce:4.5.2
-
cpe:2.3:a:tychesoftwares:print_invoice_&_delivery_notes_for_woocommerce:4.5.3
-
cpe:2.3:a:tychesoftwares:print_invoice_&_delivery_notes_for_woocommerce:4.5.4
-
cpe:2.3:a:tychesoftwares:print_invoice_&_delivery_notes_for_woocommerce:4.5.5
-
cpe:2.3:a:tychesoftwares:print_invoice_&_delivery_notes_for_woocommerce:4.6.0
-
cpe:2.3:a:tychesoftwares:print_invoice_&_delivery_notes_for_woocommerce:4.6.1
-
cpe:2.3:a:tychesoftwares:print_invoice_&_delivery_notes_for_woocommerce:4.6.2
-
cpe:2.3:a:tychesoftwares:print_invoice_&_delivery_notes_for_woocommerce:4.6.3
-
cpe:2.3:a:tychesoftwares:print_invoice_&_delivery_notes_for_woocommerce:4.6.4
-
cpe:2.3:a:tychesoftwares:print_invoice_&_delivery_notes_for_woocommerce:4.6.5
-
cpe:2.3:a:tychesoftwares:print_invoice_&_delivery_notes_for_woocommerce:4.7.0
-
cpe:2.3:a:tychesoftwares:print_invoice_&_delivery_notes_for_woocommerce:4.7.1