The WooCommerce PDF Invoice Builder for WordPress is vulnerable to unauthorized access of data due to a missing capability check on the GetInvoiceDetail function in versions up to, and including, 1.2.89. This makes it possible for subscribers to view arbitrary invoices provided they can guess the order id and invoice id.
Metrics
Affected Vendors & Products
References
History
No history.
MITRE
Status: PUBLISHED
Assigner: Wordfence
Published: 2023-08-31T05:33:04.205Z
Updated: 2024-08-02T07:24:03.577Z
Reserved: 2023-08-08T16:49:04.735Z
Link: CVE-2023-4245
Vulnrichment
No data.
NVD
Status : Modified
Published: 2023-08-31T06:15:10.983
Modified: 2024-11-21T08:34:42.257
Link: CVE-2023-4245
Redhat
No data.