VulnTitan VulnTitan Security command center
Plugin Vulnerability Hub
Plugin 8 known issues Latest disclosed Mar 18, 2026

Print Invoice & Delivery Notes for WooCommerce Vulnerabilities

Review known vulnerability records for the WordPress plugin Print Invoice & Delivery Notes for WooCommerce (`woocommerce-delivery-notes`), including severity, CVE references, affected versions, and patch status.

Recent tracked CVEs on this page include CVE-2026-25317, CVE-2026-24946 and CVE-2025-13773, so operators can jump from disclosure to patch validation without scanning the full feed first.

View on WordPress.org Back to Feed
Known Records
8
High or Critical
1
Patch Coverage
100%
Last Updated
Mar 27, 2026
Priority CVE Quick Links

Fast paths into Print Invoice & Delivery Notes for WooCommerce CVE reports

Start with the highest-signal CVE records for this WordPress plugin before scanning the full vulnerability feed.

Indexed CVEs
8
CVE-2025-13773 Critical 5.9.0
CVE-2025-13773 Print Invoice & Delivery Notes for WooCommerce Remote Code Execution

Print Invoice & Delivery Notes for WooCommerce <= 5.8.0 - Unauthenticated Remote Code Execution

CVE-2023-0479 Medium 4.7.2
CVE-2023-0479 Print Invoice & Delivery Notes for WooCommerce Cross-Site Scripting

Print Invoice & Delivery Notes for WooCommerce <= 4.7.1 - Reflected Cross-Site Scripting

CVE-2024-13640 Medium 5.5.0
CVE-2024-13640 Print Invoice & Delivery Notes for WooCommerce Sensitive Information Exposure

Print Invoice & Delivery Notes for WooCommerce <= 5.4.1 - Unauthenticated Sensitive Information Exposure Through Unprotected Directory

CVE-2026-25317 Medium 6.0.0
CVE-2026-25317 Print Invoice & Delivery Notes for WooCommerce Vulnerability

Print Invoice & Delivery Notes for WooCommerce <= 5.9.0 - Missing Authorization

CVE-2026-24946 Medium 5.9.0
CVE-2026-24946 Print Invoice & Delivery Notes for WooCommerce Vulnerability

Print Invoice & Delivery Notes for WooCommerce <= 5.8.0 - Missing Authorization

CVE-2025-49239 Medium 5.6.0
CVE-2025-49239 Print Invoice & Delivery Notes for WooCommerce Cross-Site Request Forgery

Print Invoice & Delivery Notes for WooCommerce <= 5.5.0 - Cross-Site Request Forgery

CVE-2024-12210 Medium 5.4.1
CVE-2024-12210 Print Invoice & Delivery Notes for WooCommerce Vulnerability

Print Invoice & Delivery Notes for WooCommerce <= 5.4.0 - Missing Authorization to Authenticated (Subscriber+) Logo Deletion

CVE-2022-46795 Medium 4.7.3
CVE-2022-46795 Print Invoice & Delivery Notes for WooCommerce Cross-Site Request Forgery

Print Invoice & Delivery Notes for WooCommerce <= 4.7.2 - Cross-Site Request Forgery via ts_reset_tracking_setting

Coverage Snapshot

What this page helps you verify fast

This hub clusters every indexed record for Print Invoice & Delivery Notes for WooCommerce so operators can confirm whether a disclosed issue maps to the installed slug, version range, and patch path.

Patch Visibility
8 records include a published patch path, leaving 0 with no listed safe release yet.
Severity Mix
1 critical and 0 high severity findings.
Recent CVEs
CVE-2026-25317, CVE-2026-24946 and CVE-2025-13773
Reference Workflow
Jump from the hub into the full report when you need remediation notes, exploit context, CVSS vectors, or source references.
Triage First

Open the records most likely to drive action

These recent records surface the CVE strings, patch cues, and direct report links most operators need first.

Known Vulnerabilities

Reports for Print Invoice & Delivery Notes for WooCommerce

Sorted by latest disclosure date so newly published issues surface first.

Plugin Medium Patched: Yes CVE-2026-25317
CVE-2026-25317: Print Invoice & Delivery Notes for WooCommerce <= 5.9.0 - Missing Authorization

The Print Invoice & Delivery Notes for WooCommerce plugin for WordPress is vulnerable to unauthorized access due to a missing capability check on a function in all versions up to, and including, 5.9.0. This makes it possible for unauthenticated attackers to perform an unauthorize...

Published
Mar 18, 2026
Patched Release
6.0.0
Affected Versions
Versions up to 5.9.0
Next Step
Update to 6.0.0 or newer if supported.
Open CVE-2026-25317 Report Open CVE Reference
Plugin Medium Patched: Yes CVE-2026-24946
CVE-2026-24946: Print Invoice & Delivery Notes for WooCommerce <= 5.8.0 - Missing Authorization

The Print Invoice & Delivery Notes for WooCommerce plugin for WordPress is vulnerable to unauthorized access due to a missing capability check on a function in all versions up to, and including, 5.8.0. This makes it possible for unauthenticated attackers to perform an unauthorize...

Published
Feb 03, 2026
Patched Release
5.9.0
Affected Versions
Versions up to 5.8.0
Next Step
Update to 5.9.0 or newer if supported.
Open CVE-2026-24946 Report Open CVE Reference
Plugin Critical Patched: Yes CVE-2025-13773
CVE-2025-13773: Print Invoice & Delivery Notes for WooCommerce <= 5.8.0 - Unauthenticated Remote Code Execution

The Print Invoice & Delivery Notes for WooCommerce plugin for WordPress is vulnerable to Remote Code Execution in all versions up to, and including, 5.8.0 via the 'WooCommerce_Delivery_Notes::update' function. This is due to missing capability check in the 'WooCommerce_Delivery_N...

Published
Dec 23, 2025
Patched Release
5.9.0
Affected Versions
Versions up to 5.8.0
Next Step
Update to 5.9.0 or newer if supported.
Open CVE-2025-13773 Report Open CVE Reference
Plugin Medium Patched: Yes CVE-2025-49239
CVE-2025-49239: Print Invoice & Delivery Notes for WooCommerce <= 5.5.0 - Cross-Site Request Forgery

The Print Invoice & Delivery Notes for WooCommerce plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 5.5.0. This is due to missing or incorrect nonce validation on a function. This makes it possible for unauthenticated attacker...

Published
Jun 05, 2025
Patched Release
5.6.0
Affected Versions
Versions up to 5.5.0
Next Step
Update to 5.6.0 or newer if supported.
Open CVE-2025-49239 Report Open CVE Reference
Plugin Medium Patched: Yes CVE-2024-13640
CVE-2024-13640: Print Invoice & Delivery Notes for WooCommerce <= 5.4.1 - Unauthenticated Sensitive Information Exposure Through Unprotected Directory

The Print Invoice & Delivery Notes for WooCommerce plugin for WordPress is vulnerable to Sensitive Information Exposure in all versions up to, and including, 5.4.1 via the 'wcdn/invoice' directory. This makes it possible for unauthenticated attackers to extract sensitive data sto...

Published
Mar 07, 2025
Patched Release
5.5.0
Affected Versions
Versions up to 5.4.1
Next Step
Update to 5.5.0 or newer if supported.
Open CVE-2024-13640 Report Open CVE Reference
Plugin Medium Patched: Yes CVE-2024-12210
CVE-2024-12210: Print Invoice & Delivery Notes for WooCommerce <= 5.4.0 - Missing Authorization to Authenticated (Subscriber+) Logo Deletion

The Print Invoice & Delivery Notes for WooCommerce plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the 'wcdn_remove_shoplogo' AJAX action in all versions up to, and including, 5.4.0. This makes it possible for authentic...

Published
Dec 23, 2024
Patched Release
5.4.1
Affected Versions
Versions up to 5.4.0
Next Step
Update to 5.4.1 or newer if supported.
Open CVE-2024-12210 Report Open CVE Reference
Plugin Medium Patched: Yes CVE-2022-46795
CVE-2022-46795: Print Invoice & Delivery Notes for WooCommerce <= 4.7.2 - Cross-Site Request Forgery via ts_reset_tracking_setting

The Print Invoice & Delivery Notes for WooCommerce plugin for WordPress is vulnerable to Cross-Site Request Forgery in versions up to, and including, 4.7.2. This is due to missing or incorrect nonce validation on the ts_reset_tracking_setting function. This makes it possible for...

Published
Mar 13, 2023
Patched Release
4.7.3
Affected Versions
Versions up to 4.7.2
Next Step
Update to 4.7.3 or newer if supported.
Open CVE-2022-46795 Report Open CVE Reference
Plugin Medium Patched: Yes CVE-2023-0479
CVE-2023-0479: Print Invoice & Delivery Notes for WooCommerce <= 4.7.1 - Reflected Cross-Site Scripting

The Print Invoice & Delivery Notes for WooCommerce plugin for WordPress is vulnerable to Reflected Cross-Site Scripting in versions up to, and including, 4.7.1 due to insufficient input sanitization and output escaping. This makes it possible for unauthenticated attackers to inje...

Published
Feb 02, 2023
Patched Release
4.7.2
Affected Versions
Versions up to 4.7.1
Next Step
Update to 4.7.2 or newer if supported.
Open CVE-2023-0479 Report Open CVE Reference