Description
- Unauthenticated information disclosure, allowing attackers to access arbitrary invoices and quotes containing PII - Authenticated SQL injection and information disclosure - Additional issues, such as lack of CSRF and Authorisation checks on AJAX methods used to search invoices. v3.8.4 also added various sanitisation

First seen on: https://wpvulndb.com/vulnerabilities/9920

Share This: