CVE-2023-7068
CVSS 3.1 Score 6.5 of 10 (medium)
Details
Summary
CVE-2023-7068 is a vulnerability affecting the WooCommerce PDF Invoices plugin for WordPress. The issue stems from a missing capability check on the 'theprint_packinglist' action, which is exploitable by authenticated attackers with subscriber-level access or above. By leveraging this vulnerability, attackers can export orders containing sensitive information unauthorizedly, posing a significant risk to user data privacy. Versions of the plugin up to and including 4.3.0 are susceptible to this issue. Users are encouraged to update the plugin to the latest version to mitigate the risk.
Prevent cyber attacks with Recorded Future by prioritizing and patching critical vulnerabilities being exploited by threat actors targeting your industry. Book your demo to learn more.