Vulnerability in Peprodev Ultimate Invoice
CVE-2026-2343
The PeproDev Ultimate Invoice WordPress plugin through 2.2.5 has a bulk download invoices action that generates ZIP archives containing exported invoice PDFs. The ZIP files are named predictably making it possible to brute force and retrei…
EPSS: 0.000 (12.8th percentile) — read the EPSS interpretation.
Affected products
- Unknown Peprodev Ultimate Invoice — versions 0
References
- wpscan.com/vulnerability/ac1572ca-7994-401d-a268-6a8773e60ab1/ (exploit, vdb-entry, technical-description)