CVE-2025-24644

{"id": "CVE-2025-24644", "cveTags": [], "metrics": {"cvssMetricV31": [{"type": "Secondary", "source": "audit@patchstack.com", "cvssData": {"scope": "CHANGED", "version": "3.1", "baseScore": 5.9, "attackVector": "NETWORK", "baseSeverity": "MEDIUM", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:C/C:L/I:L/A:L", "integrityImpact": "LOW", "userInteraction": "REQUIRED", "attackComplexity": "LOW", "availabilityImpact": "LOW", "privilegesRequired": "HIGH", "confidentialityImpact": "LOW"}, "impactScore": 3.7, "exploitabilityScore": 1.7}, {"type": "Primary", "source": "nvd@nist.gov", "cvssData": {"scope": "CHANGED", "version": "3.1", "baseScore": 4.8, "attackVector": "NETWORK", "baseSeverity": "MEDIUM", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:C/C:L/I:L/A:N", "integrityImpact": "LOW", "userInteraction": "REQUIRED", "attackComplexity": "LOW", "availabilityImpact": "NONE", "privilegesRequired": "HIGH", "confidentialityImpact": "LOW"}, "impactScore": 2.7, "exploitabilityScore": 1.7}]}, "published": "2025-01-24T18:15:38.833", "references": [{"url": "https://patchstack.com/database/wordpress/plugin/print-invoices-packing-slip-labels-for-woocommerce/vulnerability/wordpress-woocommerce-pdf-invoices-plugin-4-7-1-stored-cross-site-scripting-xss-vulnerability?_s_id=cve", "tags": ["Third Party Advisory"], "source": "audit@patchstack.com"}], "vulnStatus": "Analyzed", "weaknesses": [{"type": "Primary", "source": "audit@patchstack.com", "description": [{"lang": "en", "value": "CWE-79"}]}], "descriptions": [{"lang": "en", "value": "Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in WebToffee WooCommerce PDF Invoices, Packing Slips, Delivery Notes and Shipping Labels allows Stored XSS. This issue affects WooCommerce PDF Invoices, Packing Slips, Delivery Notes and Shipping Labels: from n/a through 4.7.1."}, {"lang": "es", "value": "La vulnerabilidad de neutralizaci\u00f3n incorrecta de la entrada durante la generaci\u00f3n de p\u00e1ginas web ('Cross-site Scripting') en WebToffee WooCommerce PDF Invoices, Packing Slips, Delivery Notes and Shipping Labels permite XSS almacenado. Este problema afecta a las facturas en PDF, los albaranes, las notas de entrega y las etiquetas de env\u00edo de WooCommerce: desde n/d hasta 4.7.1."}], "lastModified": "2025-02-11T19:53:56.887", "configurations": [{"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:a:webtoffee:woocommerce_pdf_invoices\\,_packing_slips\\,_delivery_notes_and_shipping_labels:*:*:*:*:*:wordpress:*:*", "vulnerable": true, "matchCriteriaId": "E5852600-D9B7-4F9B-9876-09EC8F54476B", "versionEndExcluding": "4.7.2"}], "operator": "OR"}]}], "sourceIdentifier": "audit@patchstack.com"}