WordPress PeproDev Ultimate Invoice plugin < 2.2.6 - Unauthenticated Invoice Archive Download vulnerability

Unauthenticated Invoice Archive Download vulnerability discovered by Ashkan Moghaddas in WordPress Plugin PeproDev Ultimate Invoice versions 2.2.6...

CVE-2026-2343

The PeproDev Ultimate Invoice WordPress plugin through 2.2.5 has a bulk download invoices action that generates ZIP archives containing exported invoice PDFs. The ZIP files are named predictably making it possible to brute force and retreive PII...

CVE-2026-2343

The PeproDev Ultimate Invoice WordPress plugin through 2.2.5 has a bulk download invoices action that generates ZIP archives containing exported invoice PDFs. The ZIP files are named predictably making it possible to brute force and retreive PII...

CVE-2026-2343 PeproDev Ultimate Invoice <= 2.2.5 - Unauthenticated Invoice Archive Download

The PeproDev Ultimate Invoice WordPress plugin through 2.2.5 has a bulk download invoices action that generates ZIP archives containing exported invoice PDFs. The ZIP files are named predictably making it possible to brute force and retreive PII...

CVE-2026-2343

The PeproDev Ultimate Invoice WordPress plugin through 2.2.5 has a bulk download invoices action that generates ZIP archives containing exported invoice PDFs. The ZIP files are named predictably making it possible to brute force and retreive PII...

CVE-2026-2343

The CVE-2026-2343 entry concerns the PeproDev Ultimate Invoice WordPress plugin (up to version 2.2.5). Affected component: bulk download invoices action that creates ZIP archives containing exported invoice PDFs. Root cause: ZIPs are named predictably, enabling brute force access to PII stored in...

CVE-2026-2343 PeproDev Ultimate Invoice <= 2.2.5 - Unauthenticated Invoice Archive Download

The PeproDev Ultimate Invoice WordPress plugin through 2.2.5 has a bulk download invoices action that generates ZIP archives containing exported invoice PDFs. The ZIP files are named predictably making it possible to brute force and retreive PII...

WordPress plugin PeproDev Ultimate Invoice 安全漏洞

WordPress and WordPress plugins are both products of the WordPress Foundation. WordPress is a blog platform developed using the PHP language. This platform allows users to create personal blog websites on servers based on PHP and MySQL. A WordPress plugin is an application that can be installed t...

PT-2026-27640

Name of the Vulnerable Software and Affected Versions PeproDev Ultimate Invoice WordPress plugin versions through 2.2.5 Description The plugin allows for the bulk download of invoices, generating ZIP archives containing exported invoice PDFs. The ZIP file names are predictable, potentially allowi...

EUVD-2024-43363

Malicious code in bioql PyPI...

EUVD-2024-23235

Malicious code in bioql PyPI...

EUVD-2024-30320

Malicious code in bioql PyPI...

CVE-2024-25933

Exposure of Sensitive Information to an Unauthorized Actor vulnerability in Pepro Dev. Group PeproDev Ultimate Invoice.This issue affects PeproDev Ultimate Invoice: from n/a through 1.9.7...

CVE-2024-32518

Missing Authorization vulnerability in Pepro Dev. Group PeproDev Ultimate Invoice.This issue affects PeproDev Ultimate Invoice: from n/a through 2.0.0...

CVE-2024-49298

Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in Pepro Dev. Group PeproDev Ultimate Invoice pepro-ultimate-invoice allows Stored XSS.This issue affects PeproDev Ultimate Invoice: from n/a through = 2.0.6...

CVE-2024-13719

The PeproDev Ultimate Invoice plugin for WordPress is vulnerable to Insecure Direct Object Reference in all versions up to, and including, 2.0.9 via the invoicing viewer due to missing validation on a user controlled key. This makes it possible for unauthenticated attackers to view invoices for...

CVE-2024-13719

The PeproDev Ultimate Invoice plugin for WordPress is vulnerable to Insecure Direct Object Reference in all versions up to, and including, 2.0.8 via the invoicing viewer due to missing validation on a user controlled key. This makes it possible for unauthenticated attackers to view invoices for...

CVE-2024-13719 PeproDev Ultimate Invoice <= 2.0.9 - Insecure Direct Object Reference to Unauthenticated Order Information Exposure

The PeproDev Ultimate Invoice plugin for WordPress is vulnerable to Insecure Direct Object Reference in all versions up to, and including, 2.0.9 via the invoicing viewer due to missing validation on a user controlled key. This makes it possible for unauthenticated attackers to view invoices for...

CVE-2024-13719 PeproDev Ultimate Invoice <= 2.0.9 - Insecure Direct Object Reference to Unauthenticated Order Information Exposure

The PeproDev Ultimate Invoice plugin for WordPress is vulnerable to Insecure Direct Object Reference in all versions up to, and including, 2.0.9 via the invoicing viewer due to missing validation on a user controlled key. This makes it possible for unauthenticated attackers to view invoices for...

WordPress plugin PeproDev Ultimate Invoice 安全漏洞

WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a blogging platform developed using the PHP language. The platform supports setting up personal blog sites on servers with PHP and MySQL.WordPress plugin is an application plugin. A security vulnerability...