Platform
wordpress
Component
pdf-invoices-packing-slips-for-woocommerce
Fixed version
3.8.1
CVE-2024-3047 is a Server-Side Request Forgery (SSRF) vulnerability in the PDF Invoices & Packing Slips for WooCommerce plugin. It lets an unauthenticated attacker make the WordPress host issue arbitrary HTTP requests to destinations of the attacker's choosing, which can expose internal resources and sensitive data. Versions up to and including 3.8.0 are affected; version 3.8.1 contains the fix.
Because the request originates from the web server, the attacker can reach any host the server can reach: loopback services, administrative panels, database or cache HTTP interfaces on the internal network, and, on cloud instances, the instance-metadata endpoint. Depending on what those services trust from an internal source, the outcome ranges from information disclosure to unauthorized actions on internal systems, and potentially remote code execution if a reachable internal service is itself vulnerable. Since no authentication is needed, any visitor to the site can attempt exploitation.
CVE-2024-3047 was publicly disclosed on May 2, 2024. No public proof-of-concept exploit is available at the time of writing. The EPSS score is 0.45% (64th percentile), a low predicted probability of exploitation in the wild, and there are no confirmed reports of active exploitation.
Any WordPress site running PDF Invoices & Packing Slips for WooCommerce 3.8.0 or earlier is at risk. Shared hosting is a particular concern: services bound to loopback or to the host's private address are typically shared by every site on the server, so an SSRF on one tenant's site can be used to probe or reach the others.
• wordpress / composer / npm:
wp plugin get pdf-invoices-packing-slips-for-woocommerce --field=version   # vulnerable if the reported version is 3.8.0 or lower
grep -iE '^\s*\*?\s*Version:' /var/www/html/wp-content/plugins/pdf-invoices-packing-slips-for-woocommerce/*.php   # same check without WP-CLI; adjust the path to your install
• generic web:
curl -s https://your-wordpress-site.com/wp-content/plugins/pdf-invoices-packing-slips-for-woocommerce/readme.txt | grep -i '^Stable tag:'   # remote fingerprint; the plugin's readme.txt is normally world-readable
Exploitation status
EPSS
0.45% (64th percentile)
CVSS vector
The primary mitigation for CVE-2024-3047 is to upgrade the PDF Invoices & Packing Slips for WooCommerce plugin to 3.8.1 or later. If upgrading immediately is not feasible, apply egress filtering on the web server so that the PHP worker account (for example www-data) cannot open connections to loopback, RFC 1918, link-local (including the cloud instance-metadata address 169.254.169.254) or other internal ranges. A WAF can additionally block inbound requests whose parameters carry internal hostnames or IP literals, but it never sees the server's outbound traffic, so it is not a substitute for egress control. Keep internal services segmented and authenticated so that a request arriving from the web server is not implicitly trusted, and monitor web-server and egress logs for unexpected outbound connections from the WordPress host.
Update the PDF Invoices & Packing Slips for WooCommerce plugin to the latest available version. Version 3.8.1 or later fixes this Server-Side Request Forgery (SSRF) vulnerability.
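One way to implement the interim egress control inside WordPress itself, as an added example for this page and not code from the plugin or from WordPress core: a must-use plugin that hooks the WordPress HTTP API's `pre_http_request` filter and refuses any request whose destination resolves to loopback, private, link-local or reserved address space. The file name and the `ssrf_guard_` function names are assumed; `pre_http_request`, `wp_parse_url`, `home_url` and `WP_Error` are standard WordPress APIs.

```php
<?php
/**
 * Plugin Name: SSRF egress guard (interim hardening)
 * Description: Refuses WordPress HTTP API requests whose target resolves to
 *              loopback, private, link-local or cloud-metadata address space.
 *
 * Added example for this page, not code from the plugin or WordPress core.
 * Install as wp-content/mu-plugins/ssrf-egress-guard.php (file name assumed).
 */

// Resolve a host name (or accept an IP literal) to every address a connection
// could actually reach. Both A and AAAA records are considered so that an
// IPv6-only internal target cannot slip past an IPv4-only check.
function ssrf_guard_resolve( $host ) {
    $host = trim( $host, '[]' ); // strip IPv6 literal brackets
    if ( filter_var( $host, FILTER_VALIDATE_IP ) ) {
        return array( $host );
    }
    $ips = gethostbynamel( $host ) ?: array();
    foreach ( (array) @dns_get_record( $host, DNS_AAAA ) as $rr ) {
        if ( ! empty( $rr['ipv6'] ) ) {
            $ips[] = $rr['ipv6'];
        }
    }
    return $ips;
}

// True when an address is not globally routable: 10/8, 172.16/12, 192.168/16,
// fc00::/7 (NO_PRIV_RANGE) or 0/8, 127/8, 169.254/16 (where cloud metadata
// endpoints live), 240/4, ::1, ::, fe80::/10 (NO_RES_RANGE).
function ssrf_guard_is_internal( $ip ) {
    return false === filter_var(
        $ip,
        FILTER_VALIDATE_IP,
        FILTER_FLAG_NO_PRIV_RANGE | FILTER_FLAG_NO_RES_RANGE
    );
}

// Returning anything other than false from this filter short-circuits the
// request; a WP_Error is what callers of wp_remote_get() expect on failure.
add_filter( 'pre_http_request', function ( $preempt, $args, $url ) {
    $host = wp_parse_url( $url, PHP_URL_HOST );
    if ( empty( $host ) ) {
        return new WP_Error( 'ssrf_blocked', 'Unparseable request URL.' );
    }
    // WordPress calls itself (wp-cron spawning, Site Health loopback test);
    // allow the site's own host so those keep working.
    if ( 0 === strcasecmp( $host, (string) wp_parse_url( home_url(), PHP_URL_HOST ) ) ) {
        return $preempt;
    }
    $ips = ssrf_guard_resolve( $host );
    if ( empty( $ips ) ) {
        return new WP_Error( 'ssrf_blocked', 'Host does not resolve.' );
    }
    foreach ( $ips as $ip ) {
        if ( ssrf_guard_is_internal( $ip ) ) {
            error_log( sprintf( 'ssrf-egress-guard: blocked %s (%s -> %s)', $url, $host, $ip ) );
            return new WP_Error( 'ssrf_blocked', 'Requests to internal addresses are not allowed.' );
        }
    }
    return $preempt; // false: let WordPress perform the request normally
}, 10, 3 );
```

This guard applies to every plugin that goes through the WordPress HTTP API, not only the affected one, and it has two known gaps that make it a stopgap rather than a fix: code that calls cURL or `file_get_contents()` directly never passes through `pre_http_request`, and a DNS name can resolve differently between this check and the moment WordPress connects (DNS rebinding). Host-level egress filtering closes both gaps; upgrading the plugin removes the bug.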
CVE-2024-3047 is a Server-Side Request Forgery vulnerability affecting the PDF Invoices & Packing Slips for WooCommerce plugin, allowing attackers to make requests to internal services.
Yes, if you are using the PDF Invoices & Packing Slips for WooCommerce plugin version 3.8.0 or earlier, you are vulnerable to this SSRF vulnerability.
Upgrade the PDF Invoices & Packing Slips for WooCommerce plugin to version 3.8.1 or later, which includes the patch for this vulnerability.
Currently, there are no confirmed reports of active exploitation, but the vulnerability is publicly known and could be targeted.
For further details and updates, see the WooCommerce security page at [https://woocommerce.com/security/](https://woocommerce.com/security/) and the changelog shipped with the plugin's 3.8.1 release.