3 matches found
CVE-2023-4245
The WooCommerce PDF Invoice Builder for WordPress is vulnerable to unauthorized access of data due to a missing capability check on the GetInvoiceDetail function in versions up to, and including, 1.2.89. This makes it possible for subscribers to view arbitrary invoices provided they can guess the...
CVE-2023-4245
The CVE-2023-4245 issue affects the WooCommerce PDF Invoice Builder for WordPress (versions up to 1.2.89). Root cause: missing capability check in GetInvoiceDetail, enabling unauthorized access to invoices by subscribers who can guess order and invoice IDs. Impact stated in sources is unauthorize...
WordPress WooCommerce PDF Invoice Builder Plugin <= 1.2.91 is vulnerable to Broken Access Control
Software WooCommerce PDF Invoice Builder Type Plugin Vulnerable versions = 1.2.91 Fixed in 1.2.92 OWASP Top 10 A5: Broken Access Control Classification Broken Access Control CVE CVE-2023-4245 Patch priority Low CVSS severity Low 4.3 Developer Edgar Rojas PSID f1eb4f613ca1 Credits Marco Wotschka...