CVE-2026-52704
CriticalCVSS 10.0Exploitation Probability (EPSS)
Low risk23th percentile — higher than 23% of all known CVEs
Summary
CVE-2026-52704 describes an improper control of code generation vulnerability in WooCommerce PDF Invoice Builder, allowing for remote code inclusion. This issue affects versions from n/a through 2.0.8.
Risk Assessment
Remote code inclusion can lead to system takeover, posing a serious security threat to the organization. Attackers may exploit this vulnerability to execute malicious code on the server.
Recommendation
It is recommended to update WooCommerce PDF Invoice Builder to the latest version to mitigate this vulnerability. A security audit of the system should also be conducted to identify potential exploits.
Original NVD description (English source)
Improper Control of Generation of Code ('Code Injection') vulnerability in Edgar Rojas WooCommerce PDF Invoice Builder allows Remote Code Inclusion. This issue affects WooCommerce PDF Invoice Builder: from n/a through 2.0.8.

