CVE-2026-34366

InvoiceShelf is an open-source web & mobile app that helps track expenses, payments and create professional invoices and estimates. Prior to version 2.2.0, a Server-Side Request Forgery SSRF vulnerability exists in the Payment receipt PDF generation module. User-supplied HTML in the payment Notes...

CVE-2022-0707

The Easy Digital Downloads WordPress plugin before 2.11.6 does not have CSRF check in place when inserting payment notes, which could allow attackers to make a logged admin insert arbitrary notes via a CSRF attack...

EUVD-2022-15782

Malicious code in bioql PyPI...

CVE-2022-0707

The Easy Digital Downloads WordPress plugin before 2.11.6 does not have CSRF check in place when inserting payment notes, which could allow attackers to make a logged admin insert arbitrary notes via a CSRF attack...

CVE-2022-0707

The CVE concerns the Easy Digital Downloads WordPress plugin, specifically versions before 2.11.6. It states that there is no CSRF check when inserting payment notes, enabling a logged-in administrator to insert arbitrary notes via CSRF. The Red Hat/CNVD records confirm this as a cross-site reque...