CVE-2024-13640

5.9 MEDIUM

Published: March 08, 2025 Modified: April 15, 2026

Description

The Print Invoice & Delivery Notes for WooCommerce plugin for WordPress is vulnerable to Sensitive Information Exposure in all versions up to, and including, 5.4.1 via the 'wcdn/invoice' directory. This makes it possible for unauthenticated attackers to extract sensitive data stored insecurely in the /wp-content/uploads/wcdn/invoice directory which can contain invoice files if an email attachment setting is enabled.

AI Explanation

Get an AI-powered plain-language explanation of this vulnerability and remediation steps.

Login to generate AI explanation

CVSS v3.x Details

0.0 Low Medium High Critical 10.0

Vector String

CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N

References to Advisories, Solutions, and Tools

Patch Vendor Advisory Exploit Third Party Advisory

https://plugins.trac.wordpress.org/browser/woocommerce-delivery-notes/trunk/includes/class-wcdn-theme.php#L56

Source: security@wordfence.com

https://plugins.trac.wordpress.org/changeset/3250195/

Source: security@wordfence.com

https://www.wordfence.com/threat-intel/vulnerabilities/id/12ab3e54-a0b9-4420-ac90-f16e23688cca?source=cve

Source: security@wordfence.com

3 reference(s) from NVD

Quick Stats

CVSS v3 Score

5.9 / 10.0

EPSS (Exploit Probability)

0.3%

55th percentile

Exploitation Status

Not in CISA KEV

Weaknesses (CWE)

CWE-200

Related CVEs

CVE-2026-4049 N/A

CVE-2026-41455 8.5

CVE-2026-41454 8.3

CVE-2026-41314 N/A

CVE-2026-41313 N/A