Alexmigf

**Name of the Vulnerable Software and Affected Versions** woocommerce-pdf-invoices-packing-slips versions prior to 4.0.0 **Description** This issue allows unauthorized users to access any PDF document from a store if they have access to a guest document link and replace the URL variable `my-account` with `bulk`. The problem occurs when the store's document access is set to "guest" and the user is logged out, compromising the confidentiality of sensitive documents. All stores using the plugin with the guest access option enabled are affected. **Recommendations** For versions prior to 4.0.0, upgrade to version 4.0.0 or later to resolve the issue. As a temporary workaround, consider disabling the guest access option to minimize the risk of exploitation. Restrict access to sensitive documents until the issue is resolved.