CVE-2026-56060
Tyche Softwares · Print Invoice & Delivery Notes for WooCommerce
An unauthenticated sensitive data exposure vulnerability in the Print Invoice & Delivery Notes for WooCommerce plugin allows unauthorized access to private customer documents.
Executive summary
A high-severity (CVSS 7.5) sensitive data exposure vulnerability in the Print Invoice & Delivery Notes for WooCommerce plugin allows unauthenticated attackers to retrieve private customer invoices and delivery notes, posing a severe privacy and compliance risk.
Vulnerability
The plugin does not adequately verify that the requester is permitted to view a given order's invoice or delivery note before serving it. The flaw resides in the plugin's document generation or retrieval logic, which lacks sufficient authorization checks, so a request carrying no WordPress session at all can still retrieve documents that belong to other customers.
Business impact
The exposure of invoices and delivery notes can result in the unauthorized disclosure of customer PII (Personally Identifiable Information), including names, addresses, and purchase history. The CVSS score of 7.5 is consistent with a network-reachable, unauthenticated, confidentiality-only impact; successful exploitation could lead to significant legal and regulatory consequences, including violations of privacy mandates like GDPR or CCPA, and severe reputational damage.
Remediation
Immediate Action: Update the Print Invoice & Delivery Notes plugin to the latest vendor-provided release and confirm the installed version is at or above the one the vendor identifies as fixed.
Proactive Monitoring: Review web server logs for high volumes of requests to the plugin's document retrieval endpoints from a single source, particularly requests that walk through sequential or incrementing order identifiers, which indicates automated scraping or enumeration rather than a customer printing their own order.
Compensating Controls: Until the patch is applied, use WAF rules to block or challenge requests to the plugin's document generation URL patterns that do not carry an authenticated WordPress session cookie, or restrict those URL patterns to known administrator addresses. This is a stopgap and does not replace the update.
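The log review described above, as an added example that is not code from the plugin, the vendor, or the advisory: it parses web server access logs in the common "combined" format, isolates requests to the document endpoint, and flags source IPs that either exceed a request-volume threshold or walk through consecutive order IDs. The endpoint pattern (`/?print_document=1&order_id=N`), the sample log lines, and both thresholds are assumptions constructed for illustration; substitute the real URL pattern(s) of the installed plugin version before running this against production logs.

```python
"""Flag possible bulk scraping or order-ID enumeration against document endpoints.

Added example for this advisory; not code from the plugin or vendor. The endpoint
pattern, parameter name, thresholds and sample traffic are all assumptions.
"""
import re
from collections import defaultdict

# ASSUMED placeholder for the plugin's document endpoint; replace with the real pattern.
DOCUMENT_URL_RE = re.compile(r"/\?print_document=1&order_id=(\d+)")

# Nginx/Apache "combined" access log format.
LOG_LINE_RE = re.compile(
    r'^(?P<ip>\S+) \S+ \S+ \[(?P<ts>[^\]]+)\] '
    r'"(?P<method>[A-Z]+) (?P<path>\S+) [^"]*" (?P<status>\d{3}) \S+ "[^"]*" "(?P<ua>[^"]*)"'
)

REQUEST_THRESHOLD = 5   # assumed: more document requests than this from one IP is suspicious
RUN_THRESHOLD = 4       # assumed: this many consecutive order IDs suggests enumeration

# Constructed sample traffic, not real log data. 203.0.113.7 enumerates six orders in
# four seconds with a scripting user agent; 198.51.100.20 is a customer printing one order.
SAMPLE_LOG = """\
203.0.113.7 - - [10/Mar/2026:12:00:01 +0000] "GET /?print_document=1&order_id=1001 HTTP/1.1" 200 5120 "-" "python-requests/2.31"
203.0.113.7 - - [10/Mar/2026:12:00:02 +0000] "GET /?print_document=1&order_id=1002 HTTP/1.1" 200 5017 "-" "python-requests/2.31"
203.0.113.7 - - [10/Mar/2026:12:00:02 +0000] "GET /?print_document=1&order_id=1003 HTTP/1.1" 200 4998 "-" "python-requests/2.31"
203.0.113.7 - - [10/Mar/2026:12:00:03 +0000] "GET /?print_document=1&order_id=1004 HTTP/1.1" 200 5201 "-" "python-requests/2.31"
203.0.113.7 - - [10/Mar/2026:12:00:03 +0000] "GET /?print_document=1&order_id=1005 HTTP/1.1" 200 5133 "-" "python-requests/2.31"
203.0.113.7 - - [10/Mar/2026:12:00:04 +0000] "GET /?print_document=1&order_id=1006 HTTP/1.1" 200 5090 "-" "python-requests/2.31"
198.51.100.20 - - [10/Mar/2026:12:05:10 +0000] "GET /my-account/orders/ HTTP/1.1" 200 20480 "-" "Mozilla/5.0"
198.51.100.20 - - [10/Mar/2026:12:05:31 +0000] "GET /?print_document=1&order_id=1042 HTTP/1.1" 200 5300 "https://shop.example/my-account/orders/" "Mozilla/5.0"
192.0.2.9 - - [10/Mar/2026:12:07:00 +0000] "GET /shop/ HTTP/1.1" 200 30100 "-" "Mozilla/5.0"
"""


def parse_line(line):
    """Split one combined-format log line into its fields, or None if it does not parse."""
    m = LOG_LINE_RE.match(line)
    return m.groupdict() if m else None


def longest_consecutive_run(values):
    """Length of the longest run of consecutive integers in `values` (0 for empty input)."""
    ordered = sorted(set(values))
    best = run = 1 if ordered else 0
    for prev, cur in zip(ordered, ordered[1:]):
        run = run + 1 if cur == prev + 1 else 1
        best = max(best, run)
    return best


def analyze(log_text, request_threshold=REQUEST_THRESHOLD, run_threshold=RUN_THRESHOLD):
    """Return per-IP findings for sources that look like scrapers or order-ID enumerators."""
    per_ip = defaultdict(lambda: {"requests": 0, "served": 0, "order_ids": [], "user_agents": set()})
    for line in log_text.splitlines():
        rec = parse_line(line)
        if not rec:
            continue
        m = DOCUMENT_URL_RE.search(rec["path"])
        if not m:
            continue  # not a document request; ignore
        entry = per_ip[rec["ip"]]
        entry["requests"] += 1
        entry["order_ids"].append(int(m.group(1)))
        entry["user_agents"].add(rec["ua"])
        if rec["status"] == "200":
            entry["served"] += 1  # on an unpatched site a 200 means the document was disclosed

    findings = {}
    for ip, entry in per_ip.items():
        run = longest_consecutive_run(entry["order_ids"])
        reasons = []
        if entry["requests"] > request_threshold:
            reasons.append("high volume")
        if run >= run_threshold:
            reasons.append("sequential order IDs")
        if reasons:
            findings[ip] = {
                "requests": entry["requests"],
                "documents_served": entry["served"],
                "distinct_orders": len(set(entry["order_ids"])),
                "longest_run": run,
                "reasons": reasons,
                "user_agents": sorted(entry["user_agents"]),
            }
    return findings


if __name__ == "__main__":
    for ip, finding in analyze(SAMPLE_LOG).items():
        print(ip, finding)
```

The `documents_served` count is the number worth carrying into the audit: on an unpatched site each 200 response to one of these requests is a document that left the server, and the distinct order IDs behind them identify which customers' records may need a breach assessment. Tune the two thresholds to the store's normal traffic before trusting the output.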
Exploitation status
Public Exploit Available: false
Analyst recommendation
This vulnerability represents a significant risk to data privacy and must be remediated without delay. Administrators should update the plugin immediately and audit access logs for the affected endpoints to determine whether customer documents were retrieved without authorization, since confirmed disclosures may trigger notification obligations under the privacy mandates noted above. Consistent monitoring of traffic to those endpoints is recommended until the patch is verified.