Medium severity5.3NVD Advisory· Published Feb 19, 2025· Updated Apr 8, 2026
CVE-2024-13719
CVE-2024-13719
Description
The PeproDev Ultimate Invoice plugin for WordPress is vulnerable to Insecure Direct Object Reference in all versions up to, and including, 2.0.9 via the invoicing viewer due to missing validation on a user controlled key. This makes it possible for unauthenticated attackers to view invoices for completed orders which can contain PII of users.
AI Insight
LLM-synthesized narrative grounded in this CVE's description and references.
Affected products
3cpe:2.3:a:pepro:peprodev_ultimate_invoice:*:*:*:*:*:wordpress:*:*+ 1 more
- cpe:2.3:a:pepro:peprodev_ultimate_invoice:*:*:*:*:*:wordpress:*:*range: <=2.0.8
- (no CPE)range: <=2.0.9
Patches
Vulnerability mechanics
References
3News mentions
0No linked articles in our index yet.