A vulnerability identified as critical has been detected in matrixaddons Easy Invoice Plugin up to 2.1.19. This issue affects the function
easy_invoice_accept_quote/easy_invoice_decline_quote of the component Quote Management. The manipulation of the argument nonce leads to missing authorization.
This vulnerability is listed as CVE-2026-9021. The attack may be initiated remotely. There is no available exploit.