CVE-2026-52704

CRITICAL

WordPress WooCommerce PDF Invoice Builder plugin <= 2.0.8 - Remote Code Execution (RCE) vulnerability

Title source: cna
STIX 2.1

Description

Improper Control of Generation of Code ('Code Injection') vulnerability in Edgar Rojas WooCommerce PDF Invoice Builder allows Remote Code Inclusion. This issue affects WooCommerce PDF Invoice Builder: from n/a through 2.0.8.

References (1)

Core 1

Scores

CVSS v3 10.0
Attack Vector NETWORK
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H

CISA SSVC

Vulnrichment
Exploitation none
Automatable yes
Technical Impact total

Details

CWE
CWE-94
Status published
Products (1)
Edgar Rojas/WooCommerce PDF Invoice Builder < 2.0.8
Published Jun 15, 2026
Tracked Since Jun 15, 2026