A Critical Vulnerability Found in PDF Invoice Plus Extension - Be Informed if a User
Hi,
PDF Invoice Plus is an extension used by a lot of Magento customers to generate invoices for their customers. We reported a vulnerability to the vendor and worked on the fix. The direct consequences of the vulnerability were:
Any unauthenticated hacker can download any invoice
Loss of customer data of stores using the extension