Lucene search
K

5 matches found

RedhatCVE
RedhatCVE
added 2025/05/23 12:52 a.m.19 views

CVE-2022-1617

The WP-Invoice WordPress plugin through 4.3.1 does not have CSRF check in place when updating its settings, and is lacking sanitisation as well as escaping in some of them, allowing attacker to make a logged in admin change them and add XSS payload in them...

6.1CVSS6AI score0.00266EPSS
Exploits2References1
NVD
NVD
added 2024/01/16 4:15 p.m.36 views

CVE-2022-1617

The WP-Invoice WordPress plugin through 4.3.1 does not have CSRF check in place when updating its settings, and is lacking sanitisation as well as escaping in some of them, allowing attacker to make a logged in admin change them and add XSS payload in them...

6.1CVSS6.1AI score0.00266EPSS
Exploits2References1
Vulnrichment
Vulnrichment
added 2024/01/16 3:52 p.m.24 views

CVE-2022-1617 WP-Invoice <= 4.3.1 - Stored Cross-Site Scripting via CSRF

The WP-Invoice WordPress plugin through 4.3.1 does not have CSRF check in place when updating its settings, and is lacking sanitisation as well as escaping in some of them, allowing attacker to make a logged in admin change them and add XSS payload in them...

6.2AI score0.00266EPSS
Exploits2References1
Cvelist
Cvelist
added 2024/01/16 3:52 p.m.37 views

CVE-2022-1617 WP-Invoice <= 4.3.1 - Stored Cross-Site Scripting via CSRF

The WP-Invoice WordPress plugin through 4.3.1 does not have CSRF check in place when updating its settings, and is lacking sanitisation as well as escaping in some of them, allowing attacker to make a logged in admin change them and add XSS payload in them...

6.2AI score0.00266EPSS
Exploits2References1
CVE
CVE
added 2024/01/16 3:52 p.m.75 views

CVE-2022-1617

The CVE-2022-1617 entry concerns the WP-Invoice WordPress plugin (versions 4.3.1 and earlier) where missing CSRF protection plus insufficient sanitization/escaping in update settings allows a logged-in administrator to inject stored XSS payloads. Exploitation is demonstrated in multiple sources (...

6.1CVSS6AI score0.00266EPSS
Exploits2References1Affected Software1
Rows per page
Query Builder