The PeproDev Ultimate Invoice WordPress plugin through 2.2.5 has a bulk download invoices action that generates ZIP archives containing exported invoice PDFs. The ZIP files are named predictably making it possible to brute force and retreive PII.
Get an AI-powered plain-language explanation of this vulnerability and remediation steps.
Login to generate AI explanation1 reference(s) from NVD