The WooCommerce PDF Invoice Builder for WordPress is vulnerable to unauthorized access of data due to a missing capability check on the GetInvoiceDetail function in versions up to, and including, 1.2.89. This makes it possible for subscribers to view arbitrary invoices provided they can guess the order id and invoice id.
History

No history.

cve-icon MITRE

Status: PUBLISHED

Assigner: Wordfence

Published: 2023-08-31T05:33:04.205Z

Updated: 2024-08-02T07:24:03.577Z

Reserved: 2023-08-08T16:49:04.735Z

Link: CVE-2023-4245

cve-icon Vulnrichment

No data.

cve-icon NVD

Status : Modified

Published: 2023-08-31T06:15:10.983

Modified: 2024-11-21T08:34:42.257

Link: CVE-2023-4245

cve-icon Redhat

No data.