{"resultsPerPage":1,"startIndex":0,"totalResults":1,"format":"NVD_CVE","version":"2.0","timestamp":"2026-06-12T07:18:14.766","vulnerabilities":[{"cve":{"id":"CVE-2024-13719","sourceIdentifier":"security@wordfence.com","published":"2025-02-19T08:15:20.737","lastModified":"2026-04-08T18:20:14.730","vulnStatus":"Modified","cveTags":[],"descriptions":[{"lang":"en","value":"The PeproDev Ultimate Invoice plugin for WordPress is vulnerable to Insecure Direct Object Reference in all versions up to, and including, 2.0.9 via the invoicing viewer due to missing validation on a user controlled key. This makes it possible for unauthenticated attackers to view invoices for completed orders which can contain PII of users."},{"lang":"es","value":"El complemento PeproDev Ultimate Invoice para WordPress es vulnerable a la referencia de objetos directos inseguros en todas las versiones hasta 2.0.8 incluida, a través del visor de facturación debido a la validación faltante en una clave controlada por el usuario. Esto hace posible que los atacantes no autenticados vean las facturas para pedidos completos que pueden contener PII de usuarios."}],"metrics":{"cvssMetricV31":[{"source":"security@wordfence.com","type":"Secondary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N","baseScore":5.3,"baseSeverity":"MEDIUM","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"NONE","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"LOW","integrityImpact":"NONE","availabilityImpact":"NONE"},"exploitabilityScore":3.9,"impactScore":1.4},{"source":"nvd@nist.gov","type":"Primary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N","baseScore":5.3,"baseSeverity":"MEDIUM","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"NONE","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"LOW","integrityImpact":"NONE","availabilityImpact":"NONE"},"exploitabilityScore":3.9,"impactScore":1.4}]},"weaknesses":[{"source":"security@wordfence.com","type":"Secondary","description":[{"lang":"en","value":"CWE-862"}]},{"source":"nvd@nist.gov","type":"Secondary","description":[{"lang":"en","value":"CWE-639"}]}],"configurations":[{"nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:a:pepro:peprodev_ultimate_invoice:*:*:*:*:*:wordpress:*:*","versionEndIncluding":"2.0.8","matchCriteriaId":"D0AF0E40-CD05-46B9-B87F-249FF371806E"}]}]}],"references":[{"url":"https://plugins.trac.wordpress.org/changeset?sfp_email=&sfph_mail=&reponame=&old=3244844%40pepro-ultimate-invoice&new=3244844%40pepro-ultimate-invoice&sfp_email=&sfph_mail=","source":"security@wordfence.com"},{"url":"https://wordpress.org/plugins/pepro-ultimate-invoice/","source":"security@wordfence.com","tags":["Product"]},{"url":"https://www.wordfence.com/threat-intel/vulnerabilities/id/46186f8d-e50c-476a-9480-b6121412474a?source=cve","source":"security@wordfence.com","tags":["Third Party Advisory"]}]}}]}