Lucene search
WPScanCVELIST:CVE-2022-1617HistoryJan 16, 2024 - 3:52 p.m.
CVE-2022-1617 WP-Invoice <= 4.3.1 - Stored Cross-Site Scripting via CSRF
2024-01-1615:52:49
WPScan
www.cve.org
2
cve-2022-1617
wp-invoice
csrf
cross-site scripting
wordpress plugin
EPSS
0.001
Percentile
17.0%
The WP-Invoice WordPress plugin through 4.3.1 does not have CSRF check in place when updating its settings, and is lacking sanitisation as well as escaping in some of them, allowing attacker to make a logged in admin change them and add XSS payload in them
CNA Affected
[
{
"vendor": "Unknown",
"product": "WP-Invoice",
"versions": [
{
"status": "affected",
"versionType": "semver",
"version": "0",
"lessThanOrEqual": "4.3.1"
}
],
"defaultStatus": "affected",
"collectionURL": "https://wordpress.org/plugins"
}
]Related
prion
prion
Cross site request forgery (csrf)
2024-01-16 16:15:00
nvd
nvd
CVE-2022-1617
2024-01-16 16:15:09
wpexploit
wpexploit
WP-Invoice <= 4.3.1 - Stored Cross-Site Scripting via CSRF
2022-04-25 00:00:00
cve
cve
CVE-2022-1617
2024-01-16 16:15:09
wpvulndb
wpvulndb
WP-Invoice <= 4.3.1 - Stored Cross-Site Scripting via CSRF
2022-04-25 00:00:00