PatchSiren cyber security CVE debrief
CVE-2026-39472 WP Overnight CVE debrief
CVE-2026-39472 is a HIGH severity vulnerability in WooCommerce PDF Invoices & Packing Slips plugin versions less than 5.9.0. The vulnerability is caused by a PHP Object Injection issue that can be exploited by shop managers. The Common Vulnerability Scoring System (CVSS) score for this vulnerability is 7.2.
- Vendor
- WP Overnight
- Product
- WooCommerce PDF Invoices & Packing Slips
- CVSS
- HIGH 7.2
- CISA KEV
- Not listed in stored evidence
- Original CVE published
- 2026-06-15
- Original CVE updated
- 2026-06-15
- Advisory published
- 2026-06-15
- Advisory updated
- 2026-06-15
Who should care
Users of WooCommerce PDF Invoices & Packing Slips plugin versions less than 5.9.0 should update to version 5.9.0 or later to mitigate this vulnerability.
Technical summary
The vulnerability is caused by a PHP Object Injection issue in WooCommerce PDF Invoices & Packing Slips plugin versions less than 5.9.0. The CVSS vector for this vulnerability is CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H.
Defensive priority
HIGH
Recommended defensive actions
- Update WooCommerce PDF Invoices & Packing Slips plugin to version 5.9.0 or later.
- See ${ref-4} for more information.
Evidence notes
Vendor and product information is not confirmed. See ${cve-org} for official CVE record and ${nvd} for NVD details.
Official resources
-
CVE-2026-39472 CVE record
CVE.org
-
CVE-2026-39472 NVD detail
NVD
-
Source item URL
nvd_modified
- Mitigation or vendor reference
CVE-2026-39472 was published on ${cvePublishedAt} and modified on ${cveModifiedAt}.