AI Score
Confidence
High
EPSS
Percentile
28.8%
Description The plugin does not have authorisation in the GetInvoiceDetail function, allowing any authenticated users, such as subscriber to access arbitrary invoice by knowing or guessing the order and invoice IDs