CVE-2023-4245

CVSS 3.1 Score 7.5 of 10 (high)

Details

Published Aug 31, 2023
Updated: Nov 7, 2023
CWE ID 706

Summary

CVE-2023-4245: A vulnerability has been identified in the WooCommerce PDF Invoice Builder plugin for WordPress. The GetInvoiceDetail function lacks adequate capability checks in versions up to 1.2.89. This weakness allows subscribers to access invoice data without authorization by guessing the order and invoice IDs. The potential impact includes exposure of sensitive financial information. Users are urged to update to a patched version as soon as possible to mitigate this risk.
