Security Advisory: WooCommerce Delivery Notes RCE Exploit (CVE-2025-13773) (opens in new tab)

Summary A critical Remote Code Execution vulnerability in WooCommerce Delivery Notes ? 5.8.0 allowed attackers to inject PHP code into plugin settings. The malicious code executed when any admin or the backend printed an invoice via DomPDF, installing backdoors and creating unauthorized admin accounts. This vulnerability was publicly disclosed in December 2025 and is actively…