Lucene search
K

4 matches found

NVD
NVD
added yesterday6 views

CVE-2026-9857

The Invoice123 plugin for WordPress is vulnerable to authorization bypass in all versions up to, and including, 1.7.0. This is due to the plugin not properly verifying that a user is authorized to perform an action. This makes it possible for authenticated attackers, with subscriber-level access...

4.3CVSS0.00473EPSS
Exploits0References12
Cvelist
Cvelist
added yesterday7 views

CVE-2026-9857 Invoice123 <= 1.7.0 - Missing Authorization to Authenticated (Subscriber+) Setting Modification via s123_submit_api_key & s123_submit_invoice_settings AJAX actions

The Invoice123 plugin for WordPress is vulnerable to authorization bypass in all versions up to, and including, 1.7.0. This is due to the plugin not properly verifying that a user is authorized to perform an action. This makes it possible for authenticated attackers, with subscriber-level access...

4.3CVSS0.00473EPSS
Exploits0References12
ATTACKERKB
ATTACKERKB
added yesterday3 views

CVE-2026-9857

The Invoice123 plugin for WordPress is vulnerable to authorization bypass in all versions up to, and including, 1.7.0. This is due to the plugin not properly verifying that a user is authorized to perform an action. This makes it possible for authenticated attackers, with subscriber-level access...

4.3CVSS6.1AI score0.00473EPSS
Exploits0References13
Patchstack
Patchstack
added 2 days ago5 views

WordPress Invoice123 plugin <= 1.7.0 - Missing Authorization to Authenticated (Subscriber+) Setting Modification vulnerability

Missing Authorization to Authenticated Subscriber+ Setting Modification vulnerability discovered by Benedictus Jovan aillesiM in WordPress Plugin Invoice123 versions = 1.7.0...

4.3CVSS6.1AI score0.00473EPSS
Exploits0References1Affected Software1
Rows per page
Query Builder