CVE-2026-1906

Published February 18th, 2026

View on NVD ↗

CVSS v3

4.3

MEDIUM

CVSS v2

N/A

Affected

PROJECT

Description

The PDF Invoices & Packing Slips for WooCommerce plugin for WordPress is vulnerable to Insecure Direct Object Reference in all versions up to, and including, 5.6.0 via the `wpo_ips_edi_save_order_customer_peppol_identifiers` AJAX action due to missing capability checks and order ownership validation. This makes it possible for authenticated attackers, with Subscriber-level access and above, to modify Peppol/EDI endpoint identifiers (`peppol_endpoint_id`, `peppol_endpoint_eas`) for any customer by specifying an arbitrary `order_id` parameter on systems using Peppol invoicing. This can affect order routing on the Peppol network and may result in payment disruptions and data leakage.

PDF Invoices & Packing Slips for WooCommerce

<p>This WooCommerce extension automatically adds a PDF or XML invoice (e-invoicing) to the order confirmation emails sent out to your customers. Includes a basic template (additional templates are available from <a href="https://wpovernight.com/downloads/woocommerce-pdf-invoices-packing-slips-bundle/" rel="nofollow ugc">WP Overnight</a>) as well as the possibility to modify/create your own templates. In addition, you can choose to download or print invoices and packing slips from the WooCommerce order admin.</p> <h4>Main features</h4> <ul> <li>Automatically attach invoice PDF or XML to WooCommerce emails of your choice</li> <li>Download the PDF or XML Invoice / PDF Packing Slip from the order admin page</li> <li>Choose from a range of e‑document formats: UBL 2.1, Peppol BIS 3.0, CII D16B, Factur‑X 1.0, ZUGFeRD 1.0, and ZUGFeRD 2.0.</li> <li>Generate PDF invoices / packing slips in bulk</li> <li><strong>Fully customizable</strong> HTML/CSS invoice templates</li> <li>Download invoices from the My Account page</li> <li>Sequential invoice numbers</li> <li><strong>Available in:</strong> Czech, Dutch, English, Finnish, French, German, Hungarian, Italian, Japanese (see FAQ for adding custom fonts!), Norwegian, Portuguese, Polish, Romanian, Russian, Slovak, Slovenian, Spanish, Swedish & Ukrainian</li> </ul> <h4>Free extensions</h4> <p>The following free extensions are available to add additional features to the plugin:</p> <ul> <li><strong><a href="https://github.com/wpovernight/woocommerce-pdf-ips-mpdf" rel="nofollow ugc">PDF Invoices & Packing Slips for WooCommerce – mPDF</a></strong>: Adds support for RTL layout and Arabic script.</li> <li><strong><a href="https://github.com/wpovernight/woocommerce-pdf-ips-mpdf-cjk" rel="nofollow ugc">PDF Invoices & Packing Slips for WooCommerce – mPDF CJK</a></strong>: Provides support for Chinese, Japanese, and Korean (CJK) fonts for the mPDF extension.</li> <li><strong><a href="https://github.com/wpovernight/woocommerce-pdf-ips-unicode" rel="nofollow ugc">PDF Invoices & Packing Slips for WooCommerce – Unicode Language Pack</a></strong>: Adds support for Chinese, Japanese, and Korean scripts.</li> <li><strong><a href="https://github.com/wpovernight/wcpdf-taxes-summary" rel="nofollow ugc">PDF Invoices & Packing Slips for WooCommerce – Taxes Summary</a></strong>: Adds a taxes summary table after the order details.</li> </ul> <h4>Premium extensions</h4> <p>In addition to this, we offer several premium extensions:</p> <ul> <li>Create/email PDF Proforma Invoices, Credit Notes (for Refunds), email Packing Slips, automatic upload to Dropbox, Google Drive & more with <a href="https://wpovernight.com/downloads/woocommerce-pdf-invoices-packing-slips-professional/" rel="nofollow ugc">PDF Invoices & Packing Slips for WooCommerce Professional</a></li> <li>Get the complete feature set, including <strong>Professional</strong>, <strong>Premium Templates</strong>, and additional features with the <a href="https://wpovernight.com/downloads/woocommerce-pdf-invoices-packing-slips-bundle/" rel="nofollow ugc">WooCommerce PDF Invoices & Packing Slips Plus Bundle</a></li> <li>Add Peppol network delivery for WooCommerce invoices and credit notes right inside your invoicing workflow. <a href="https://wpovernight.com/downloads/woocommerce-edocuments-peppol/" rel="nofollow ugc">eDocuments for WooCommerce: Peppol</a></li> <li>Automatically send new orders or packing slips to your printer as soon as the customer orders! <a href="https://wpovernight.com/downloads/woocommerce-automatic-order-printing-printnode/" rel="nofollow ugc">WooCommerce Automatic Order Printing (PrintNode)</a></li> <li>Enable EU VAT number collection, automatic validation and reverse-charge logic right in your WooCommerce store. <a href="https://wpovernight.com/downloads/woocommerce-eu-vat-compliance/" rel="nofollow ugc">WooCommerce European (EU/UK/Norway/Switzerland) VAT Compliance</a></li> </ul> <h4>Fully customizable</h4> <p>In addition to a number of default settings (including a custom header/logo) and several layout fields that you can use out of the box, the plugin contains HTML/CSS-based templates that allow for customization & full control over the PDF output. Copy the templates to your theme folder and you don’t have to worry that your customizations will be overwritten when you update the plugin.</p> <ul> <li>Insert customer header image/logo</li> <li>Modify shop data / footer / disclaimer etc. on the invoices & packing slips</li> <li>Select paper size (Letter or A4)</li> <li>Translation ready</li> </ul>

WordPress Plugin Directory

22.8M