Description
The Invoice123 plugin for WordPress is vulnerable to authorization bypass in all versions up to, and including, 1.7.0. This is due to the plugin not properly verifying that a user is authorized to perform an action. This makes it possible for authenticated attackers, with subscriber-level access and above, to overwrite the plugin's API key stored in wp_options, modify invoice plugin settings, and alter WooCommerce tax rate data in the wp_woocommerce_tax_rates table.
Problem types
Product status
Any version
Timeline
| 2026-07-09: | Disclosed |
Credits
Benedictus Jovan (aillesiM)
References
www.wordfence.com/...-0462-447f-a639-4f95d5aa27ab?source=cve
plugins.trac.wordpress.org/...pages/S123_InvoiceSettings.php
plugins.trac.wordpress.org/...pages/S123_InvoiceSettings.php
plugins.trac.wordpress.org/...includes/pages/S123_ApiKey.php
plugins.trac.wordpress.org/...pages/S123_InvoiceSettings.php
plugins.trac.wordpress.org/...includes/pages/S123_ApiKey.php
plugins.trac.wordpress.org/...pages/S123_InvoiceSettings.php
plugins.trac.wordpress.org/...pages/S123_InvoiceSettings.php
plugins.trac.wordpress.org/...includes/pages/S123_ApiKey.php
plugins.trac.wordpress.org/...pages/S123_InvoiceSettings.php
plugins.trac.wordpress.org/...includes/pages/S123_ApiKey.php
plugins.trac.wordpress.org/...t&new=3594935%40saskaita123-lt