11 matches found
CVE-2026-9175
The Devs Accounting – Simple Accounting and Invoicing Solution plugin for WordPress is vulnerable to Missing Authorization in all versions up to, and including, 1.2.0. This is due to the getsingleaccount REST API callback being registered with a permissioncallback that unconditionally returns tru...
CVE-2026-9172
The Devs Accounting – Simple Accounting and Invoicing Solution plugin for WordPress is vulnerable to unauthorized modification/deletion of data due to a missing capability check on the deletesingleaccount function in versions up to, and including, 1.2.0. The REST route...
EUVD-2026-38677
The Devs Accounting – Simple Accounting and Invoicing Solution plugin for WordPress is vulnerable to unauthorized modification/deletion of data due to a missing capability check on the deletesingleaccount function in versions up to, and including, 1.2.0. The REST route...
CVE-2026-9172
WordPress plugin Devs Accounting – Simple Accounting and Invoicing Solution (versions up to 1.2.0) is vulnerable to unauthorized modification/deletion of data due to a missing capability check in delete_single_account(), with the REST route devs-accounting/v1/delete-account/(?P\d+) registered wit...
CVE-2026-9172 Devs Accounting <= 1.2.0 - Missing Authorization to Unauthenticated Account Deletion via /delete-account/ REST Endpoint
The Devs Accounting – Simple Accounting and Invoicing Solution plugin for WordPress is vulnerable to unauthorized modification/deletion of data due to a missing capability check on the deletesingleaccount function in versions up to, and including, 1.2.0. The REST route...
EUVD-2026-38659
The Devs Accounting – Simple Accounting and Invoicing Solution plugin for WordPress is vulnerable to Missing Authorization in all versions up to, and including, 1.2.0. This is due to the getsingleaccount REST API callback being registered with a permissioncallback that unconditionally returns tru...
CVE-2026-9175 Devs Accounting <= 1.2.0 - Missing Authorization to Unauthenticated Sensitive Information Exposure via 'id' Parameter
The Devs Accounting – Simple Accounting and Invoicing Solution plugin for WordPress is vulnerable to Missing Authorization in all versions up to, and including, 1.2.0. This is due to the getsingleaccount REST API callback being registered with a permissioncallback that unconditionally returns tru...
PT-2026-51691
Name of the Vulnerable Software and Affected Versions Devs Accounting – Simple Accounting and Invoicing Solution versions prior to 1.2.1 Description The Devs Accounting – Simple Accounting and Invoicing Solution plugin for WordPress contains a missing authorization flaw. The get single account...
PT-2026-51690
Name of the Vulnerable Software and Affected Versions Devs Accounting – Simple Accounting and Invoicing Solution versions prior to 1.2.1 Description A missing capability check in the delete single account function allows unauthorized modification or deletion of data. The REST route...
WordPress Devs Accounting – Simple Accounting and Invoicing Solution plugin <= 1.2.0 - Missing Authorization to Unauthenticated Account Deletion vulnerability
Missing Authorization to Unauthenticated Account Deletion vulnerability discovered by jamaal in WordPress Plugin Devs Accounting – Simple Accounting and Invoicing Solution versions = 1.2.0...
WordPress Devs Accounting – Simple Accounting and Invoicing Solution plugin <= 1.2.0 - Missing Authorization to Unauthenticated Sensitive Information Exposure vulnerability
Missing Authorization to Unauthenticated Sensitive Information Exposure vulnerability discovered by jamaal in WordPress Plugin Devs Accounting – Simple Accounting and Invoicing Solution versions = 1.2.0...