Описание
The PeproDev Ultimate Invoice plugin for WordPress is vulnerable to Insecure Direct Object Reference in all versions up to, and including, 2.0.8 via the invoicing viewer due to missing validation on a user controlled key. This makes it possible for unauthenticated attackers to view invoices for completed orders which can contain PII of users.
Уязвимые конфигурации
Конфигурация 1Версия до 2.0.8 (включая)
cpe:2.3:a:pepro:peprodev_ultimate_invoice:*:*:*:*:*:wordpress:*:*
EPSS
Процентиль: 43%
0.00209
Низкий
5.3 Medium
CVSS3
Дефекты
CWE-862
CWE-639
Связанные уязвимости
CVSS3: 5.3
github
12 месяцев назад
The PeproDev Ultimate Invoice plugin for WordPress is vulnerable to Insecure Direct Object Reference in all versions up to, and including, 2.0.8 via the invoicing viewer due to missing validation on a user controlled key. This makes it possible for unauthenticated attackers to view invoices for completed orders which can contain PII of users.
EPSS
Процентиль: 43%
0.00209
Низкий
5.3 Medium
CVSS3
Дефекты
CWE-862
CWE-639