PT-2026-27640 · WordPress · Peprodev Ultimate Invoice
Ashkan Moghaddas · Published 2026-03-25 · Updated 2026-03-25 · CVE-2026-2343
CVSS v3.1: 5.3 Medium (AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N)
Name of the Vulnerable Software and Affected Versions
PeproDev Ultimate Invoice WordPress plugin versions through 2.2.5
Description
The plugin allows for the bulk download of invoices, generating ZIP archives containing exported invoice PDFs. The ZIP file names are predictable, potentially allowing an attacker to brute force and retrieve Personally Identifiable Information (PII).
Recommendations
Update PeproDev Ultimate Invoice WordPress plugin to a version later than 2.2.5.
Affected Products
Peprodev Ultimate Invoice