Description

WordPress Plugin Sprout Invoices-Client Invoicing & Estimates is prone to a security bypass vulnerability. Exploiting this issue may allow attackers to perform otherwise restricted actions and subsequently create/view clients, payments, estimates and invoices, or save new importer options, including uploading CSVs. WordPress Plugin Sprout Invoices-Client Invoicing & Estimates version 9.3 is vulnerable; prior versions are also affected.

Remediation

Update to plugin version 9.4 or latest

References

Related Vulnerabilities