CVE-2026-56060
Status: Deferred - Pending Action
Unauthenticated Sensitive Data Exposure in Print Invoice & Delivery Notes for WooCommerce

Publication date: 2026-06-26

Last updated on: 2026-06-26

Assigner: Patchstack

Description
Unauthenticated Sensitive Data Exposure in Print Invoice & Delivery Notes for WooCommerce, versions <= 7.1.1.
Meta Information
Published: 2026-06-26
Last Modified: 2026-06-26
Generated: 2026-06-26
AI Q&A: 2026-06-26
EPSS Evaluated: N/A
Affected Vendors & Products
Showing 1 associated CPE
Vendor: patchstack
Product: print_invoice_and_delivery_notes_for_woocommerce
Version / Range: to 7.1.1 (inc)
CWE ID: CWE-497
Description: The product does not properly prevent sensitive system-level information from being accessed by unauthorized actors who do not have the same level of access to the underlying system as the product does.
Compliance Impact

This vulnerability allows unauthenticated sensitive data exposure, meaning unauthorized users could potentially access confidential information that should normally be restricted.

Such exposure of sensitive data can lead to non-compliance with common data protection standards and regulations like GDPR and HIPAA, which require the protection of personal and sensitive information from unauthorized access.

Therefore, if exploited, this vulnerability could result in violations of these regulations due to the unauthorized disclosure of sensitive data.

Executive Summary

CVE-2026-56060 is a vulnerability in the WordPress Print Invoice & Delivery Notes for WooCommerce Plugin, versions 7.1.1 and below. It allows unauthenticated users to access sensitive data that should normally be restricted. This means that confidential information can be exposed to unauthorized parties without requiring any login or special permissions.

The vulnerability is classified as medium-priority with a CVSS score of 7.5 and falls under the OWASP Top 10 category A3: Sensitive Data Exposure.

Impact Analysis

This vulnerability can lead to unauthorized exposure of sensitive and confidential information from your WooCommerce store, potentially compromising customer data and business information.

Because the vulnerability is unauthenticated, attackers do not need any credentials to exploit it, increasing the risk of mass exploitation across thousands of websites.

If exploited, this could damage your business reputation, lead to loss of customer trust, and possibly result in legal consequences depending on the nature of the exposed data.

The vulnerability has been patched in version 7.1.2, so updating immediately is strongly recommended to mitigate these risks.

Mitigation Strategies

The vulnerability in the Print Invoice & Delivery Notes for WooCommerce Plugin versions 7.1.1 and below allows unauthenticated sensitive data exposure.

The immediate step to mitigate this vulnerability is to update the plugin to version 7.1.2 or later, where the issue has been patched.

If updating is not possible immediately, it is recommended to seek assistance from a hosting provider or a web developer.

Patchstack users can enable auto-updates for vulnerable plugins to reduce the risk of exploitation.

No virtual patch is available due to the nature of the vulnerability.
