PatchSiren

wpovernight CVE debriefs

These pages are published after PatchSiren validates generated defensive summaries against stored public CVE and source evidence.

MEDIUM wpovernight CVE published 2026-07-11

CVE-2026-13116

The PDF Invoices & Packing Slips for WooCommerce plugin for WordPress is vulnerable to Insecure Direct Object Reference in all versions up to, and including, 5.14.0 via the generate_document_shortcode due to missing validation on a user controlled key. This vulnerability allows authenticated attackers with contributor-level access and above to mint publicly accessible, session-free download links for arbi [truncated]