Description
Missing Authorization vulnerability in tychesoftwares Print Invoice & Delivery Notes for WooCommerce woocommerce-delivery-notes allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects Print Invoice & Delivery Notes for WooCommerce: from n/a through <= 5.9.0.
Published: 2026-03-25
Score: 7.5 High
EPSS: < 1% Very Low
KEV: No
Impact: Unauthorized Data Access
Action: Immediate Patch
AI Analysis

Impact

Missing authorization in the Print Invoice & Delivery Notes for WooCommerce plugin allows an attacker to bypass intended access controls and retrieve data that should be protected. Because the plugin delivers invoices and delivery notes, any user who can trigger the relevant endpoints may access sensitive transactional information. This breach of access control is categorized as CWE‑862.

Affected Systems

WordPress sites that deploy tychesoftwares Print Invoice & Delivery Notes for WooCommerce version 5.9.0 or earlier are affected. Sites whose administrators have not updated the plugin remain vulnerable.

Risk and Exploitability

The CVSS score of 7.5 denotes High severity, and the EPSS value of less than 1% suggests that exploitation in the wild is currently unlikely. This vulnerability is not listed in the CISA KEV catalog, indicating no known high-profile attacks. The attack path appears to be a simple HTTP request to the plugin's invoice or delivery-note endpoints, but the exact prerequisites, such as whether authentication is required, are not described in the CVE. Given the potential for significant data exposure and the low effort needed to patch, the risk remains elevated.

Generated by OpenCVE AI on March 26, 2026 at 22:08 UTC.

Remediation

No vendor fix or workaround currently provided.

OpenCVE Recommended Actions

  • Upgrade to the latest plugin release (5.9.1 or later).
  • If an upgrade is not feasible, limit access to invoice and delivery‑note URLs to users with administrative privileges or consider disabling the feature until a patch is applied.



Advisories

No advisories yet.

History

Thu, 26 Mar 2026 20:15:00 +0000

Type: Metrics
Values Added:
cvssV3_1: {'score': 7.5, 'vector': 'CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H'}
ssvc: {'options': {'Automatable': 'yes', 'Exploitation': 'none', 'Technical Impact': 'partial'}, 'version': '2.0.3'}


Thu, 26 Mar 2026 12:00:00 +0000

Type: First Time appeared
Values Added:
  • Tychesoftwares
  • Tychesoftwares print Invoice & Delivery Notes For Woocommerce
  • Wordpress
  • Wordpress wordpress

Type: Vendors & Products
Values Added:
  • Tychesoftwares
  • Tychesoftwares print Invoice & Delivery Notes For Woocommerce
  • Wordpress
  • Wordpress wordpress

Wed, 25 Mar 2026 16:45:00 +0000

Type: Description
Values Added: Missing Authorization vulnerability in tychesoftwares Print Invoice & Delivery Notes for WooCommerce woocommerce-delivery-notes allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects Print Invoice & Delivery Notes for WooCommerce: from n/a through <= 5.9.0.

Type: Title
Values Added: WordPress Print Invoice & Delivery Notes for WooCommerce plugin <= 5.9.0 - Broken Access Control vulnerability

Type: Weaknesses
Values Added: CWE-862
References

MITRE

Status: PUBLISHED

Assigner: Patchstack

Published:

Updated: 2026-04-23T14:14:08.650Z

Reserved: 2026-02-02T12:20:47.811Z

Link: CVE-2026-25317

Vulnrichment

Updated: 2026-03-26T19:25:25.644Z

NVD

Status: Deferred

Published: 2026-03-25T17:16:43.970

Modified: 2026-04-24T16:32:53.997

Link: CVE-2026-25317

Redhat

No data.

OpenCVE Enrichment

Updated: 2026-03-27T09:46:04Z

Weaknesses