CVE-2025-13773

Description

The Print Invoice & Delivery Notes for WooCommerce plugin for WordPress is vulnerable to Remote Code Execution in all versions up to, and including, 5.8.0 via the WooCommerce_Delivery_Notes::update function. This is due to missing capability check in the WooCommerce_Delivery_Notes::update function, PHP enabled in Dompdf, and missing escape in the template.php file. This makes it possible for unauthenticated attackers to execute code on the server.