4 matches found
CVE-2024-13719
creationtimestamp| type| source ---|---|--- 2025-02-19 08:16:53+00:00| seen| https://bsky.app/profile/cve-notifications.bsky.social/post/3lijdknorun2g 2025-02-19 08:41:19+00:00| seen| https://t.me/DarkWebInformerCVEAlerts/4797 2025-02-19 12:01:16+00:00| seen|...
CVE-2024-13719 PeproDev Ultimate Invoice <= 2.0.9 - Insecure Direct Object Reference to Unauthenticated Order Information Exposure
The PeproDev Ultimate Invoice plugin for WordPress is vulnerable to Insecure Direct Object Reference in all versions up to, and including, 2.0.9 via the invoicing viewer due to missing validation on a user controlled key. This makes it possible for unauthenticated attackers to view invoices for...
CVE-2024-13719
CVE-2024-13719 relates to the PeproDev Ultimate Invoice plugin for WordPress. The vulnerability is an insecure direct object reference in the invoicing viewer that arises from missing validation of a user controlled key, allowing unauthenticated attackers to view invoices for completed orders and...
CVE-2024-13719 PeproDev Ultimate Invoice <= 2.0.9 - Insecure Direct Object Reference to Unauthenticated Order Information Exposure
The PeproDev Ultimate Invoice plugin for WordPress is vulnerable to Insecure Direct Object Reference in all versions up to, and including, 2.0.9 via the invoicing viewer due to missing validation on a user controlled key. This makes it possible for unauthenticated attackers to view invoices for...