id: CVE-2025-13773

info:
  name: WordPress Print Invoice & Delivery Notes for WooCommerce <= 5.8.0 - Remote Code Execution
  author: PikaJuna-ops
  severity: critical
  description: |
    Print Invoice & Delivery Notes for WooCommerce plugin for WordPress <= 5.8.0 contains a remote code execution vulnerability caused by a missing capability check, PHP enabled in Dompdf, and a missing escape in template.php, letting unauthenticated attackers execute code on the server.
  impact: |
    Unauthenticated attackers can execute arbitrary code on the server, potentially leading to full system compromise.
  remediation: |
    Update to the latest version beyond 5.8.0.
  reference:
    - https://www.wordfence.com/threat-intel/vulnerabilities/id/e52b34fe-2414-4d6f-bf43-9c5b65ebf769
    - https://plugins.trac.wordpress.org/changeset/3426119/woocommerce-delivery-notes
    - https://nvd.nist.gov/vuln/detail/CVE-2025-13773
  classification:
    cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
    cvss-score: 9.8
    cve-id: CVE-2025-13773
    epss-score: 0.032
    epss-percentile: 0.86553
    cwe-id: CWE-94
  metadata:
    verified: true
    max-request: 2
    fofa-query: body="wp-content/plugins/woocommerce-delivery-notes/"
    product: woocommerce-delivery-notes
    vendor: tychesoftwares
  tags: cve,cve2025,wordpress,wp-plugin,woocommerce-delivery-notes,rce,passive,vkev

http:
  - method: GET
    path:
      - '{{BaseURL}}/wp-content/plugins/woocommerce-delivery-notes/readme.txt'

    matchers:
      - type: dsl
        dsl:
          - "status_code == 200"
          - "compare_versions(version, '<= 5.8.0')"
          - "contains(body, 'Print Invoice & Delivery Notes')"
        condition: and

    extractors:
      - type: regex
        part: body
        group: 1
        name: version
        regex:
          - 'Stable tag: ([0-9.]+)'
        internal: true
# digest: 4a0a00473045022100cae0b46d2948916935932823b912d947b70912870bf1cb07f4d6070ca8278a27022001976e4a79a30b436a6835163539bdb2dd2f34c69fdb88af0d87b4d2ebfe4c48:922c64590222798bb761d5b6d8e72950