The WooCommerce PDF Invoices & Packing Slips WordPress plugin before 2.16.0 doesn't escape a parameter on its setting page, making it possible for attackers to conduct reflected cross-site scripting attacks.CreditsZhongFu Su(JrXnm) of WuHan UniversityReferenceshttps://wpscan.com/vulnerability/87546554-276a-45fe-b2aa-b18bfc55db2d
