Easy Invoice Invoice Generator Pdf Quotes Payments
Monthly
Unauthenticated remote manipulation of published business quotes is possible in the Easy Invoice WordPress plugin (versions up to and including 2.1.19) due to missing authorization on AJAX endpoints. The plugin registers quote acceptance and decline actions via wp_ajax_nopriv_ hooks - making them reachable without credentials - while the only gate is a per-quote nonce that is embedded directly in the publicly viewable single-quote template. The ownership restriction that would prevent non-owners from acting on quotes is controlled by an off-by-default Pro feature flag, meaning the overwhelming majority of free-tier deployments are fully exposed to arbitrary quote status manipulation, including automatic invoice generation and client email dispatch. No public exploit code has been identified at time of analysis and the vulnerability is not listed in CISA KEV.
Unauthenticated remote manipulation of published business quotes is possible in the Easy Invoice WordPress plugin (versions up to and including 2.1.19) due to missing authorization on AJAX endpoints. The plugin registers quote acceptance and decline actions via wp_ajax_nopriv_ hooks - making them reachable without credentials - while the only gate is a per-quote nonce that is embedded directly in the publicly viewable single-quote template. The ownership restriction that would prevent non-owners from acting on quotes is controlled by an off-by-default Pro feature flag, meaning the overwhelming majority of free-tier deployments are fully exposed to arbitrary quote status manipulation, including automatic invoice generation and client email dispatch. No public exploit code has been identified at time of analysis and the vulnerability is not listed in CISA KEV.