wpovernight CVE Vulnerabilities & Metrics

Focus on wpovernight vulnerabilities and metrics.

Last updated: 08 Mar 2025, 23:25 UTC

About wpovernight Security Exposure

This page consolidates all known Common Vulnerabilities and Exposures (CVEs) associated with wpovernight. We track both calendar-based metrics (using fixed periods) and rolling metrics (using gliding windows) to give you a comprehensive view of security trends and risk evolution. Use these insights to assess risk and plan your patching strategy.

For a broader perspective on cybersecurity threats, explore the comprehensive list of CVEs by vendor and product. Stay updated on critical vulnerabilities affecting major software and hardware providers.

Global CVE Overview

Total wpovernight CVEs: 9
Earliest CVE date: 12 Aug 2019, 15:15 UTC
Latest CVE date: 04 Feb 2025, 19:15 UTC

Latest CVE reference: CVE-2025-24373

Rolling Stats

30-day Count (Rolling): 0
365-day Count (Rolling): 3

Calendar-based Variation

Calendar-based Variation compares a fixed calendar period (e.g., this month versus the same month last year), while Rolling Growth Rate uses a continuous window (e.g., last 30 days versus the previous 30 days) to capture trends independent of calendar boundaries.

Variations & Growth

Month Variation (Calendar): -100.0%
Year Variation (Calendar): 200.0%

Month Growth Rate (30-day Rolling): -100.0%
Year Growth Rate (365-day Rolling): 200.0%

Monthly CVE Trends (current vs previous Year)

Annual CVE Trends (Last 20 Years)

Critical wpovernight CVEs (CVSS ≥ 9) Over 20 Years

CVSS Stats

Average CVSS: 1.34

Max CVSS: 4.3

Critical CVEs (≥9): 0

CVSS Range vs. Count

Range Count
0.0-3.9 7
4.0-6.9 2
7.0-8.9 0
9.0-10.0 0

CVSS Distribution Chart

Top 5 Highest CVSS wpovernight CVEs

These are the five CVEs with the highest CVSS scores for wpovernight, sorted by severity first and recency.

All CVEs for wpovernight

CVE-2025-24373 wpovernight vulnerability CVSS: 0 04 Feb 2025, 19:15 UTC

woocommerce-pdf-invoices-packing-slips is an extension which allows users to create, print & automatically email PDF invoices & packing slips for WooCommerce orders. This vulnerability allows unauthorized users to access any PDF document from a store if they: 1. Have access to a guest document link and 2. Replace the URL variable `my-account` with `bulk`. The issue occurs when: 1. The store's document access is set to "guest." and 2. The user is logged out. This vulnerability compromises the confidentiality of sensitive documents, affecting all stores using the plugin with the guest access option enabled. This issue has been addressed in version 4.0.0 and all users are advised to upgrade. There are no known workarounds for this vulnerability.

CVE-2024-3047 wpovernight vulnerability CVSS: 0 02 May 2024, 17:15 UTC

The PDF Invoices & Packing Slips for WooCommerce plugin for WordPress is vulnerable to Server-Side Request Forgery in versions up to, and including, 3.8.0 via the transform() function. This can allow unauthenticated attackers to make web requests to arbitrary locations originating from the web application and can be used to query and modify information from internal services.

CVE-2024-3045 wpovernight vulnerability CVSS: 0 02 May 2024, 17:15 UTC

The PDF Invoices & Packing Slips for WooCommerce plugin for WordPress is vulnerable to Stored Cross-Site Scripting via several parameters in versions up to, and including, 3.8.0 due to insufficient input sanitization and output escaping. This makes it possible for unauthenticated attackers to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.

CVE-2024-22147 wpovernight vulnerability CVSS: 0 27 Jan 2024, 00:15 UTC

Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in WP Overnight PDF Invoices & Packing Slips for WooCommerce.This issue affects PDF Invoices & Packing Slips for WooCommerce: from n/a through 3.7.5.

CVE-2022-47148 wpovernight vulnerability CVSS: 0 01 Mar 2023, 15:15 UTC

Cross-Site Request Forgery (CSRF) vulnerability in WP Overnight PDF Invoices & Packing Slips for WooCommerce plugin <= 3.2.5 leading to popup dismiss.

CVE-2022-2537 wpovernight vulnerability CVSS: 0 29 Aug 2022, 18:15 UTC

The WooCommerce PDF Invoices & Packing Slips WordPress plugin before 3.0.1 does not sanitise and escape some parameters before outputting them back in an attributes of an admin page, leading to Reflected Cross-Site Scripting.

CVE-2022-2092 wpovernight vulnerability CVSS: 4.3 11 Jul 2022, 13:15 UTC

The WooCommerce PDF Invoices & Packing Slips WordPress plugin before 2.16.0 doesn't escape a parameter on its setting page, making it possible for attackers to conduct reflected cross-site scripting attacks.

CVE-2021-24991 wpovernight vulnerability CVSS: 3.5 03 Jan 2022, 13:15 UTC

The WooCommerce PDF Invoices & Packing Slips WordPress plugin before 2.10.5 does not escape the tab and section parameters before outputting it back in an attribute, leading to a Reflected Cross-Site Scripting in the admin dashboard

CVE-2017-18506 wpovernight vulnerability CVSS: 4.3 12 Aug 2019, 15:15 UTC

The woocommerce-pdf-invoices-packing-slips plugin before 2.0.13 for WordPress has XSS via the tab or section variable on settings screens.