Jetpack CRM WooCommerce Connect < 2.13 – Unauthorized Invoice Disclosure

Affects Plugins

jetpackcrm-ext-woo-connect

Fixed in 2.13

zero-bs-crm

Fixed in 4.2.4

References

URL

https://jetpackcrm.com/vulnerability-detected-in-jetpack-crm-what-you-need-to-know/

Classification

Type

SENSITIVE DATA DISCLOSURE

OWASP top 10

A3: Sensitive Data Exposure

CWE

CWE-200

CVSS

3.7 (low)

Miscellaneous

Verified

Yes

WPVDB ID

853ab4ce-5e22-4bd1-a3b2-65d744d971cb

Timeline

Publicly Published

2021-09-14 (about 4 years ago)

Added

2024-10-28 (about 1 year ago)

Last Updated

2024-10-28 (about 1 year ago)

Other

Published

Title

Published

2025-11-10

Title

Crypto Tool <= 2.22 - Unauthenticated Information Exposure via Global Authentication State

Published

2025-03-07

Title

Print Invoice & Delivery Notes for WooCommerce < 5.5.0 - Unauthenticated Sensitive Information Exposure Through Unprotected Directory

Published

2026-01-08

Title

weDocs: AI Powered Knowledge Base, Docs, Documentation, Wiki & AI Chatbot < 2.1.16 - Unauthenticated Sensitive Information Exposure

Published

2023-12-28

Title

Send Users Email < 1.4.4 - Sensitive Information Exposure via Error Logs

Published

2025-02-12

Title

JS Help Desk – The Ultimate Help Desk & Support Plugin < 2.8.9 - Unauthenticated Sensitive Information Exposure Through Unprotected Directory