We have received a couple of feedback in regards to PayPlans's PDF invoice plugin behaving out of the ordinary.
In the administrator area, site admins are able to download single as well as bulk invoices. For some reason, should anyone with these report URLs were able to access these informations, even when a user do not have any admin rights or not logged into the system. Therefore making your site vulnerable of disclosing such sensitive information out to the public.
We have quickly applied the necessary fixes and now these invoices and reports are only downloadable from backend if and only when the site admins are logged in.
How to update?
- Access the backend of your PayPlans
- Then head over to the app store
- Hit upgrade PDF invoice app and you are good to go
Should you need any further assistance, please do not hesitate to contact us.
Now for the next 3 days, you can also enjoy 15% off when you purchase any of our PayPlans products with this coupon code [ PAY15PLANS ].
Our devs are currently working on simplifying the entire PayPlans installer as well as revamping the backend interface, to appear uniform with the rest of our Joomla extensions. Get excited as more updates will be out real soon!