WordPress Plugin Vulnerabilities

WooCommerce PDF Invoice Builder < 1.2.151 - Missing Authorization

Description

The PDF Builder for WooCommerce. Create invoices,packing slips and more plugin for WordPress is vulnerable to unauthorized access due to a missing capability check on a function in all versions up to, and including, 1.2.150. This makes it possible for authenticated attackers, with Subscriber-level access and above, to perform an unauthorized action.

Affects Plugins

Plugin icon
woo-pdf-invoice-builder
Fixed in 1.2.151

References

CVE
CVE-2025-64269
URL
https://www.wordfence.com/threat-intel/vulnerabilities/id/b9842421-93da-4535-9d48-fd591cd5e80f

Classification

Type
NO AUTHORISATION
OWASP top 10
A5: Broken Access Control
CWE
CWE-862
CVSS
4.3 (medium)

Miscellaneous

Original Researcher
Nguyen Tran Tuan Dung (domiee13)
Verified
No
WPVDB ID
56d9fe3e-55a5-4677-944e-8dfb8c2b5cd1

Timeline

Publicly Published
2025-11-14 (about 6 months ago)
Added
2025-11-17 (about 6 months ago)
Last Updated
2025-11-17 (about 6 months ago)

Other

Published
Title
Published
2025-12-12
Title
Directory Pro <= 2.5.6 - Missing Authorization
Published
2026-04-29
Title
Classified Listing – AI-Powered Classified ads & Business Directory Plugin < 5.3.9 - Missing Authorization
Published
2025-12-31
Title
Easy Upload Files During Checkout < 3.0.1 - Missing Authorization
Published
2026-01-07
Title
Re Gallery < 1.18.10 - Missing Authorization
Published
2026-03-16
Title
ViaBill – WooCommerce < 1.1.70 - Missing Authorization to Unauthenticated Settings Change