CVE-2023-2180

Name of the Vulnerable Software and Affected Versions KIWIZ Invoices Certification & PDF System WordPress plugin versions 2.1.3 and earlier

Description The issue allows an unauthenticated attacker to read or download arbitrary files, as well as perform PHAR unserialization if they can upload a file to the server. This is due to the plugin not validating the path of files to be downloaded.

Recommendations For versions 2.1.3 and earlier, update to a version later than 2.1.3 to resolve the issue. As a temporary workaround, consider restricting file upload capabilities to prevent potential PHAR unserialization attacks. Restrict access to sensitive files and directories to minimize the risk of exploitation.