High severity7.5NVD Advisory· Published May 15, 2023· Updated Jun 17, 2026
CVE-2023-2180
CVE-2023-2180
Description
The KIWIZ Invoices Certification & PDF System WordPress plugin through 2.1.3 does not validate the path of files to be downloaded, which could allow unauthenticated attacker to read/downlaod arbitrary files, as well as perform PHAR unserialization (assuming they can upload a file on the server)
AI Insight
LLM-synthesized narrative grounded in this CVE's description and references.
Affected products
2- WordPress/KIWIZ Invoices Certification & PDF Systemdescription
- Range: <=2.1.3
Patches
Vulnerability mechanics
References
1News mentions
0No linked articles in our index yet.