The plugin Sliced Invoices was closed on the Plugin Directory on October 8. No reason has been given for the closure. Subsequent to that a new version was submitted with a changelog entry “SECURITY UPDATE: security updates per wordpress requirements”. Looking at the changes made we found that security checks were added with various functionality. That includes an information disclosure vulnerability that would permit anyone to view all the quotes and invoices created with the plugin.

…

[Read more]