CVE-2023-0479: 
WordPress vulnerability analysis and mitigation

CVE-2023-0479 affects the Print Invoice & Delivery Notes for WooCommerce WordPress plugin versions before 4.7.2. The vulnerability was discovered and publicly disclosed on February 2, 2023. This security issue impacts WordPress installations with WooCommerce and the affected plugin installed (WPScan).

The vulnerability is classified as a reflected Cross-Site Scripting (XSS) issue that occurs when the plugin echoes a GET value in an admin note within the WooCommerce orders page. The technical root cause involves improper handling of URL parameters, specifically where urldecode() is called after cleanup with esc_url_raw(), allowing double encoding. The vulnerability has been assigned a CVSS score of 7.5 (high) and is classified under CWE-79 (WPScan).

This vulnerability can be exploited against users with the edit_others_shop_orders capability, potentially allowing attackers to execute malicious JavaScript code in the context of the affected user's browser session. The successful exploitation could lead to unauthorized access to sensitive information or perform actions on behalf of the affected administrator (WPScan).

The vulnerability has been patched in version 4.7.2 of the Print Invoice & Delivery Notes for WooCommerce plugin. Users are advised to update to this version or later to mitigate the security risk (WPScan).