Description
Unauthenticated Sensitive Data Exposure in Print Invoice & Delivery Notes for WooCommerce <= 7.1.1 versions.
Published: 2026-06-26
Score: 7.5 High
EPSS: < 1% Very Low
KEV: No
Impact: n/a
Action: n/a
AI Analysis

Impact

Unauthenticated sensitive data exposure is possible in the WordPress Print Invoice & Delivery Notes for WooCommerce plugin due to improper handling of order data. Attackers can read confidential order information, compromising confidentiality. The weakness is classified as CWE-497.

Affected Systems

The vulnerability affects the "Print Invoice & Delivery Notes for WooCommerce" plugin by tychesoftwares, specifically all versions up to and including 7.1.1. Users should upgrade to at least version 7.1.2 to mitigate the issue.

Risk and Exploitability

With a CVSS score of 7.5 the flaw represents high severity. The EPSS score is not available and the vulnerability is not listed in the CISA KEV catalog, but the unauthenticated nature means any web visitor can exploit it to obtain protected data, provided the plugin’s print functionality is accessible to unauthenticated users.

Generated by OpenCVE AI on June 26, 2026 at 17:13 UTC.

Remediation

Vendor Solution

Update the WordPress Print Invoice & Delivery Notes for WooCommerce Plugin to the latest available version (at least 7.1.2).

OpenCVE Recommended Actions

  • Update the plugin to at least version 7.1.2.
  • Restrict the plugin’s print functionality to authenticated administrators only.
  • Disable or remove front‑end access to order data pages if they are unnecessary for site visitors.

Generated by OpenCVE AI on June 26, 2026 at 17:13 UTC.

Tracking

Sign in to view the affected projects.

Advisories

No advisories yet.

History

Fri, 26 Jun 2026 19:45:00 +0000

Type Values Removed Values Added
First Time appeared Tychesoftwares
Tychesoftwares print Invoice & Delivery Notes For Woocommerce
Wordpress
Wordpress wordpress
Vendors & Products Tychesoftwares
Tychesoftwares print Invoice & Delivery Notes For Woocommerce
Wordpress
Wordpress wordpress

Fri, 26 Jun 2026 16:30:00 +0000

Type Values Removed Values Added
Metrics ssvc

{'options': {'Automatable': 'yes', 'Exploitation': 'none', 'Technical Impact': 'partial'}, 'version': '2.0.3'}

Fri, 26 Jun 2026 15:15:00 +0000

Type Values Removed Values Added
Description Unauthenticated Sensitive Data Exposure in Print Invoice & Delivery Notes for WooCommerce <= 7.1.1 versions.
Title WordPress Print Invoice & Delivery Notes for WooCommerce plugin <= 7.1.1 - Sensitive Data Exposure vulnerability
Weaknesses CWE-497
References
Metrics cvssV3_1

{'score': 7.5, 'vector': 'CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N'}

Subscriptions

Tychesoftwares Print Invoice & Delivery Notes For Woocommerce
Wordpress Wordpress
cve-icon MITRE

Status: PUBLISHED

Assigner: Patchstack

Published:

Updated: 2026-06-26T15:46:37.853Z

Reserved: 2026-06-18T14:38:04.421Z

Link: CVE-2026-56060

cve-icon Vulnrichment

Updated: 2026-06-26T15:46:28.087Z

cve-icon NVD

No data.

cve-icon Redhat

No data.

cve-icon OpenCVE Enrichment

Updated: 2026-06-26T19:30:04Z

Weaknesses
  • CWE-497

    Exposure of Sensitive System Information to an Unauthorized Control Sphere