CVE-2023-4245: 
WordPress vulnerability analysis and mitigation

The WooCommerce PDF Invoice Builder for WordPress plugin (versions up to and including 1.2.89) contains a vulnerability identified as CVE-2023-4245. The vulnerability stems from a missing capability check in the GetInvoiceDetail function, which allows unauthorized access to data. This security flaw enables subscribers to view arbitrary invoices by guessing the order ID and invoice ID (NVD).

The vulnerability is classified with a CVSS v3.1 Base Score of 4.3 (Medium) with the vector string CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N. The issue specifically relates to a missing authorization check in the GetInvoiceDetail function, which fails to properly validate user permissions before allowing access to invoice data (Wordfence).

The vulnerability allows subscribers to access invoice information they should not have permission to view. This unauthorized access to sensitive data could potentially expose confidential business and customer information contained within the invoices (NVD).

Users should update their WooCommerce PDF Invoice Builder plugin to a version newer than 1.2.89, which contains the security fix. The vulnerability was patched by implementing proper capability checks in the GetInvoiceDetail function (WordPress Plugin).