- Description: The PeproDev Ultimate Invoice plugin for WordPress is vulnerable to Insecure Direct Object Reference in all versions up to, and including, 2.0.8 via the invoicing viewer due to missing validation on a user controlled key. This makes it possible for unauthenticated attackers to view invoices for completed orders which can contain PII of users.
- Source: security@wordfence.com
- NVD status: Received
CVSS 3.1
- Type: Primary
- Base score: 5.3
- Impact score: 1.4
- Exploitability score: 3.9
- Vector string: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N
- Severity: MEDIUM
- security@wordfence.com: CWE-862
- Hype score: Not currently trending
CVE-2024-13719 Unauthenticated Insecure Direct Object Reference in PeproDev Ultimate Invoice WordPress Plugin https://t.co/WgXKo7WEFf
@VulmonFeeds
19 Feb 2025
CVE-2024-13719 The PeproDev Ultimate Invoice plugin for WordPress is vulnerable to Insecure Direct Object Reference in all versions up to, and including, 2.0.8 via the invoicing vie… https://t.co/MgNop2VO0i
@CVEnew
19 Feb 2025