CVE-2026-2343

MEDIUM 5.3

PeproDev Ultimate Invoice <= 2.2.5 - Unauthenticated Invoice Archive Download

CVSS Score

5.3

EPSS Score

0.0%

EPSS Percentile

11th

The PeproDev Ultimate Invoice WordPress plugin through 2.2.5 has a bulk download invoices action that generates ZIP archives containing exported invoice PDFs. The ZIP files are named predictably making it possible to brute force and retreive PII.

Vendor	unknown
Product	peprodev ultimate invoice
Published	Mar 25, 2026
Last Updated	Apr 2, 2026

Stay Ahead of the Next One

Get instant alerts for unknown peprodev ultimate invoice

Be the first to know when new medium vulnerabilities affecting unknown peprodev ultimate invoice are published — delivered to Slack, Telegram or Discord.

Get Free Alerts → Free · No credit card · 60 sec setup

Affected Versions

Unknown / PeproDev Ultimate Invoice

0 ≤ 2.2.5

References

NVD ↗ CVE.org ↗ EPSS Data ↗

wpscan.com: https://wpscan.com/vulnerability/ac1572ca-7994-401d-a268-6a8773e60ab1/

Credits

Ashkan Moghaddas WPScan