Description

WordPress Plugin Client Invoicing by Sprout Invoices-Easy Estimates and Invoices for WordPress is prone to a security bypass vulnerability. Exploiting this issue may allow attackers to perform otherwise restricted actions and subsequently create/view clients, payments, estimates and invoices, or save new importer options, including uploading CSVs. WordPress Plugin Client Invoicing by Sprout Invoices-Easy Estimates and Invoices for WordPress version 9.3 is vulnerable; prior versions are also affected.

Remediation

Update to plugin version 9.4 or latest

References

Related Vulnerabilities