Pepro

pepro

1 CVE • 1 product

Products (1)

Click to collapse

Toggle

Peprodev Ultimate Invoice

peprodev_ultimate_invoice

1 CVE

CVEs (1)

CVE VENDORS PRODUCTS UPDATED PUBLISHED CVSS
CVE-2024-13719 1Pepro 1Peprodev Ultimate Invoice Apr 8, 2026 Feb 19, 2025 N/A· v4 5.3 MEDIUM· v3 N/A· v2 The PeproDev Ultimate Invoice plugin for WordPress is vulnerable to Insecure Direct Object Reference in all versions up to, and including, 2.0.9 via the invoicing viewer due to missing validation on a user controlled key...Show more The PeproDev Ultimate Invoice plugin for WordPress is vulnerable to Insecure Direct Object Reference in all versions up to, and including, 2.0.9 via the invoicing viewer due to missing validation on a user controlled key. This makes it possible for unauthenticated attackers to view invoices for completed orders which can contain PII of users.Show less

CVE

VENDORS

PRODUCTS

UPDATED

PUBLISHED

CVSS

CVE-2024-13719

1Pepro

1Peprodev Ultimate Invoice

Apr 8, 2026

Feb 19, 2025

N/A· v4

5.3 MEDIUM· v3

N/A· v2

The PeproDev Ultimate Invoice plugin for WordPress is vulnerable to Insecure Direct Object Reference in all versions up to, and including, 2.0.9 via the invoicing viewer due to missing validation on a user controlled key. This makes it possible for unauthenticated attackers to view invoices for completed orders which can contain PII of users.Show less