CVE Catalog

CVE-2026-52704

CriticalCVSS 10.0
Published: Updated: Translated: NVD NIST

Exploitation Probability (EPSS)

Low risk
0.31%

23th percentile — higher than 23% of all known CVEs

Summary

CVE-2026-52704 describes an improper control of code generation vulnerability in WooCommerce PDF Invoice Builder, allowing for remote code inclusion. This issue affects versions from n/a through 2.0.8.

Risk Assessment

Remote code inclusion can lead to system takeover, posing a serious security threat to the organization. Attackers may exploit this vulnerability to execute malicious code on the server.

Recommendation

It is recommended to update WooCommerce PDF Invoice Builder to the latest version to mitigate this vulnerability. A security audit of the system should also be conducted to identify potential exploits.

Original NVD description (English source)

Improper Control of Generation of Code ('Code Injection') vulnerability in Edgar Rojas WooCommerce PDF Invoice Builder allows Remote Code Inclusion. This issue affects WooCommerce PDF Invoice Builder: from n/a through 2.0.8.

Vulnerability data from NVD (NIST) · CISA KEV · EPSS