Hi,
PDF Invoice Plus is an extension used by a lot of Magento customers to generate invoice for their customers. We reported a vulnerability to the vendor and worked on the fix. The direct consequence of the vulnerability was:
- Any unauthenticated hacker can download any invoice
- Loss of customer data of stores using the extension
Updating the plug-in would fix the vulnerability. You can read the other details here: https://www.getastra.com/blog/cms/magento-security/high-risk-vulnerability-pdf-invoice-plus-magento-...
Thanks,
Luce
