Vulnerability?

Hi there,

This is a false report, which we dispute strongly. There is NO vulnerability, and no update is required.

The report comes from a “security researcher” at Patchstack. We wrote to them back in October because what they are claiming as a “vulnerability” is not at all, but actually a well-documented ease-of-use feature of Sliced Invoices that has existed since day-1. The following is the email we sent to them for your reference. (Unfortunately they chose to ignore us.)

If you are concerned about securing your invoices, please see this page in our documentation: https://slicedinvoices.com/support/securing-your-invoices

We also sent out an email to all customers about this on October 30, 2024, titled “Securing Your Invoices”, which was as follows:

It is really a shame that a “security” company is now getting in the business of telling plugin developers which features they can or cannot have, simply because they don’t like them. Ease-of-use, especially being able to send a link to an invoice and having your client be able to see it without any login required, has been a cornerstone of Sliced Invoices since day-1 and its one of the biggest reasons our plugin is so popular. If you need to limit access to your invoices there are many ways to do that, but it should be your decision. It should not be up to Patchstack to tell us, or you, what is allowed.

Sincerely,

David Grant
Developer of Sliced Invoices