On 11th August 2021 the team identified and confirmed a security issue in Jetpack CRM and WooCommerce Connect which could allow an unauthorised individual to view CRM invoices that weren’t associated with their own account.

The vulnerability was patched in version 4.2.4 of Jetpack CRM Core and version 2.13 of WooCommerce Connect, which were both recently released. We have no evidence that this vulnerability has been exploited, but we strongly advise you to update the extension and core CRM plugin as soon as possible.