The wp-invoice plugin before 4.1.1 for WordPress has incorrect access control over wpi_user_id for invoice retrieval.Referenceshttps://wpvulndb.com/vulnerabilities/8378https://wordpress.org/plugins/wp-invoice/#developershttp://www.pritect.net/blog/wp-invoice-4-1-1-security-vulnerabilities
