PeproDev Ultimate Invoice

5.3 / 10

MEDIUM

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N

Description

The PeproDev Ultimate Invoice WordPress plugin through 2.2.5 has a bulk download invoices action that generates ZIP archives containing exported invoice PDFs. The ZIP files are named predictably making it possible to brute force and retreive PII.

Basic Information

ID CVE-2026-2343

Source WPScan

Published Mar 25, 2026 at 06:00

Modified Apr 2, 2026 at 12:39

Affected Product

Vendor Unknown

Product PeproDev Ultimate Invoice

Affected Versions Unknown PeproDev Ultimate Invoice 0

CWE Classification

References

wpscan.com /vulnerability/ac1572ca-7994-401d-a268-6a8773e60ab1/

{
    "lastseen": "",
    "description": "The PeproDev Ultimate Invoice WordPress plugin through 2.2.5 has a bulk download invoices action that generates ZIP archives containing exported invoice PDFs. The ZIP files are named predictably making it possible to brute force and retreive PII.",
    "published": "2026-03-25T06:00:02.327Z",
    "modified": "2026-04-02T12:39:57.633Z",
    "type": "cve",
    "title": "PeproDev Ultimate Invoice <= 2.2.5 - Unauthenticated Invoice Archive Download",
    "source": "WPScan",
    "references": "https://wpscan.com/vulnerability/ac1572ca-7994-401d-a268-6a8773e60ab1/",
    "id": "CVE-2026-2343",
    "bulletinFamily": "",
    "cwe": [
        ""
    ],
    "cvelist": null,
    "sourceData": "Unknown PeproDev Ultimate Invoice 0",
    "sourceHref": "",
    "cvss": {
        "score": 5.3,
        "severity": "MEDIUM",
        "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N",
        "version": "3.1"
    },
    "cvss2": [],
    "cvss3": {
        "version": "",
        "vectorString": "",
        "baseScore": 0,
        "baseSeverity": "",
        "attackVector": "",
        "attackComplexity": "",
        "privilegesRequired": "",
        "userInteraction": "",
        "scope": "",
        "confidentialityImpact": "",
        "integrityImpact": "",
        "availabilityImpact": "",
        "cvssV3": {
            "version": "",
            "vectorString": "",
            "baseScore": 0,
            "baseSeverity": "",
            "attackVector": "",
            "attackComplexity": "",
            "privilegesRequired": "",
            "userInteraction": "",
            "scope": "",
            "confidentialityImpact": "",
            "integrityImpact": "",
            "availabilityImpact": ""
        }
    },
    "href": "",
    "category_name": "CVE",
    "post_link": "",
    "product": "PeproDev Ultimate Invoice",
    "version": "0",
    "vendor": "Unknown",
    "ai_description": "",
    "ai_severity": "",
    "ai_vendor": "",
    "ai_product": "",
    "ai_version": "",
    "ai_score": 0
}

PeproDev Ultimate Invoice <= 2.2.5 - Unauthenticated Invoice Archive Download_CVE-2026-2343