cancel
Showing results for 
Search instead for 
Did you mean: 

A Critical Vulnerability Found in PDF Invoice Plus Extension - Be Informed if a User

A Critical Vulnerability Found in PDF Invoice Plus Extension - Be Informed if a User

Hi,

 

PDF Invoice Plus is an extension used by a lot of Magento customers to generate invoice for their customers. We reported a vulnerability to the vendor and worked on the fix. The direct consequence of the vulnerability was:

  • Any unauthenticated hacker can download any invoice
  • Loss of customer data of stores using the extension

Updating the plug-in would fix the vulnerability. You can read the other details here: https://www.getastra.com/blog/cms/magento-security/high-risk-vulnerability-pdf-invoice-plus-magento-...

 

Thanks,

Luce