{"resultsPerPage":1,"startIndex":0,"totalResults":1,"format":"NVD_CVE","version":"2.0","timestamp":"2026-04-18T09:21:55.855","vulnerabilities":[{"cve":{"id":"CVE-2023-4161","sourceIdentifier":"security@wordfence.com","published":"2023-08-31T06:15:10.870","lastModified":"2026-04-08T18:18:13.090","vulnStatus":"Modified","cveTags":[],"descriptions":[{"lang":"en","value":"The WooCommerce PDF Invoice Builder for WordPress is vulnerable to Cross-Site Request Forgery due to a missing nonce check on the SaveCustomField function in versions up to, and including, 1.2.90. This makes it possible for unauthenticated attackers to create invoice fields provided they can trick an admin into performing an action such as clicking on a link."},{"lang":"es","value":"El constructor de facturas PDF de WooCommerce para WordPress es vulnerable a la falsificación de petición en sitios cruzados debido a una comprobación de nonce faltante en la función SaveCustomField en versiones hasta la 1.2.90, inclusive. Esto hace posible que atacantes no autenticados creen campos de factura, siempre que puedan engañar a un administrador para que realice una acción como hacer clic en un enlace."}],"metrics":{"cvssMetricV31":[{"source":"security@wordfence.com","type":"Secondary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:N","baseScore":4.3,"baseSeverity":"MEDIUM","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"NONE","userInteraction":"REQUIRED","scope":"UNCHANGED","confidentialityImpact":"NONE","integrityImpact":"LOW","availabilityImpact":"NONE"},"exploitabilityScore":2.8,"impactScore":1.4}]},"weaknesses":[{"source":"security@wordfence.com","type":"Primary","description":[{"lang":"en","value":"CWE-352"}]}],"configurations":[{"nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:a:rednao:woocommerce_pdf_invoice_builder:*:*:*:*:*:wordpress:*:*","versionEndIncluding":"1.2.90","matchCriteriaId":"22079A7B-CA4E-4476-966F-B2C412C69FF2"}]}]}],"references":[{"url":"https://plugins.trac.wordpress.org/browser/woo-pdf-invoice-builder/trunk/woocommerce-pdf-invoice-ajax.php?rev=2935371#L654","source":"security@wordfence.com","tags":["Patch"]},{"url":"https://plugins.trac.wordpress.org/changeset?sfp_email=&sfph_mail=&reponame=&new=2953379%40woo-pdf-invoice-builder%2Ftrunk&old=2951617%40woo-pdf-invoice-builder%2Ftrunk&sfp_email=&sfph_mail=","source":"security@wordfence.com","tags":["Patch"]},{"url":"https://www.wordfence.com/threat-intel/vulnerabilities/id/3b7aac1c-6962-49cf-850f-ab7b1d220090?source=cve","source":"security@wordfence.com","tags":["Third Party Advisory"]},{"url":"https://plugins.trac.wordpress.org/browser/woo-pdf-invoice-builder/trunk/woocommerce-pdf-invoice-ajax.php?rev=2935371#L654","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Patch"]},{"url":"https://plugins.trac.wordpress.org/changeset?sfp_email=&sfph_mail=&reponame=&new=2953379%40woo-pdf-invoice-builder%2Ftrunk&old=2951617%40woo-pdf-invoice-builder%2Ftrunk&sfp_email=&sfph_mail=","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Patch"]},{"url":"https://www.wordfence.com/threat-intel/vulnerabilities/id/3b7aac1c-6962-49cf-850f-ab7b1d220090?source=cve","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Third Party Advisory"]}]}}]}