Lucene search
K

26 matches found

EUVD
EUVD
added 1 hour ago4 views

EUVD-2026-42567

The Easy Invoice plugin for WordPress is vulnerable to Missing Authorization in versions up to, and including, 2.1.19. This is due to the plugin registering the easyinvoiceacceptquote and easyinvoicedeclinequote AJAX actions via wpajaxnopriv hooks and relying solely on a quote-scoped nonce that i...

5.3CVSS6AI score
Exploits0References11
CVE
CVE
added 4 hours ago7 views

CVE-2026-9021

The CVE concerns the WordPress plugin Easy Invoice (WordPress plugin) with vulnerability in versions up to 2.1.19. The root cause is Missing Authorization via AJAX actions easy_invoice_accept_quote and easy_invoice_decline_quote , registered with wp_ajax_nopriv_ hooks and relying on a quote-scope...

5.3CVSS6AI score
Exploits0References10
NVD
NVD
added 2026/06/15 9:17 p.m.7 views

CVE-2026-48836

Unauthenticated Remote Code Execution RCE in Easy Invoice = 2.1.19 versions...

10CVSS0.00572EPSS
Exploits0References1
EUVD
EUVD
added 2026/06/15 8:18 p.m.5 views

EUVD-2026-36844

Unauthenticated Remote Code Execution RCE in Easy Invoice = 2.1.19 versions...

10CVSS5.5AI score0.00572EPSS
Exploits0References1
CVE
CVE
added 2026/06/15 8:18 p.m.41 views

CVE-2026-48836

The CVE-2026-48836 entry concerns the WordPress Easy Invoice plugin (versions ≤ 2.1.19) with an unauthenticated Remote Code Execution (RCE) vulnerability. According to connected sources, an RCE exists in Easy Invoice up to 2.1.19; the Patchstack listing notes a critical CVSS 3.1 vector (AV:N/AC:L...

10CVSS5.5AI score0.00572EPSS
Exploits0References1
Cvelist
Cvelist
added 2026/06/15 8:18 p.m.27 views

CVE-2026-48836 WordPress Easy Invoice plugin <= 2.1.19 - Remote Code Execution (RCE) vulnerability

Unauthenticated Remote Code Execution RCE in Easy Invoice = 2.1.19 versions...

10CVSS0.00572EPSS
Exploits0References1
Positive Technologies
Positive Technologies
added 2026/06/15 12:0 a.m.13 views

PT-2026-49474

Name of the Vulnerable Software and Affected Versions Easy Invoice versions prior to 2.1.20 Description An unauthenticated Remote Code Execution RCE flaw allows an attacker to execute arbitrary code on the system without requiring login credentials. Recommendations Update to a version newer than...

10CVSS6.1AI score0.00572EPSS
Exploits0References3
Patchstack
Patchstack
added 2026/06/01 1:32 p.m.12 views

WordPress Easy Invoice plugin <= 2.1.19 - Remote Code Execution (RCE) vulnerability

Remote Code Execution RCE vulnerability discovered by HaiND in WordPress Plugin Easy Invoice versions = 2.1.19...

10CVSS5.8AI score0.00572EPSS
Exploits0Affected Software1
RedhatCVE
RedhatCVE
added 2025/12/19 7:32 a.m.7 views

CVE-2025-6324

Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in MatrixAddons Easy Invoice easy-invoice allows DOM-Based XSS.This issue affects Easy Invoice: from n/a through = 2.0.9...

7.1CVSS6.4AI score0.00149EPSS
Exploits0References1
EUVD
EUVD
added 2025/12/18 9:30 a.m.3 views

EUVD-2025-204093

Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in MatrixAddons Easy Invoice easy-invoice allows DOM-Based XSS.This issue affects Easy Invoice: from n/a through = 2.0.9...

7.1CVSS5.9AI score0.00149EPSS
Exploits0References2
NVD
NVD
added 2025/12/18 8:16 a.m.5 views

CVE-2025-6324

Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in MatrixAddons Easy Invoice easy-invoice allows DOM-Based XSS.This issue affects Easy Invoice: from n/a through = 2.0.9...

7.1CVSS0.00149EPSS
Exploits0References1
Vulnrichment
Vulnrichment
added 2025/12/18 7:22 a.m.0 views

CVE-2025-6324 WordPress Easy Invoice plugin <= 2.0.9 - Cross Site Scripting (XSS) vulnerability

Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in MatrixAddons Easy Invoice easy-invoice allows DOM-Based XSS.This issue affects Easy Invoice: from n/a through = 2.0.9...

7.1CVSS5.4AI score0.00149EPSS
Exploits0References1
Cvelist
Cvelist
added 2025/12/18 7:22 a.m.24 views

CVE-2025-6324 WordPress Easy Invoice plugin <= 2.0.9 - Cross Site Scripting (XSS) vulnerability

Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in MatrixAddons Easy Invoice easy-invoice allows DOM-Based XSS.This issue affects Easy Invoice: from n/a through = 2.0.9...

7.1CVSS0.00149EPSS
Exploits0References1
CVE
CVE
added 2025/12/18 7:22 a.m.12 views

CVE-2025-6324

CVE-2025-6324 concerns a DOM-based XSS in the WordPress plugin “Easy Invoice” (MatrixAddons Easy Invoice), affecting versions from unknown start through 2.0.9. The vulnerability is described as improper neutralization of input during web page generation, enabling cross-site scripting. Multiple co...

7.1CVSS6AI score0.00149EPSS
Exploits0References1
Positive Technologies
Positive Technologies
added 2025/12/18 12:0 a.m.4 views

PT-2025-52153

Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in MatrixAddons Easy Invoice easy-invoice allows DOM-Based XSS.This issue affects Easy Invoice: from n/a through = 2.0.9...

6.4AI score0.00149EPSS
Exploits0References2
CNNVD
CNNVD
added 2025/12/18 12:0 a.m.3 views

WordPress plugin Easy Invoice 安全漏洞

WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a blogging platform developed using the PHP language. The platform has the ability to host personal blog sites on PHP and MySQL based servers.WordPress plugin is an application plugin. A security vulnerabili...

7.1CVSS6AI score0.00149EPSS
Exploits0References1
Patchstack
Patchstack
added 2025/12/15 1:30 p.m.8 views

WordPress Easy Invoice plugin <= 2.1.4 - Local File Inclusion vulnerability

Local File Inclusion vulnerability discovered by Tarcísio LuchesiPoystick in WordPress Plugin Easy Invoice versions = 2.1.4...

6.6CVSS7AI score0.00352EPSS
Exploits0Affected Software1
RedhatCVE
RedhatCVE
added 2025/11/22 12:34 p.m.19 views

CVE-2025-66115

Improper Control of Filename for Include/Require Statement in PHP Program 'PHP Remote File Inclusion' vulnerability in MatrixAddons Easy Invoice easy-invoice allows PHP Local File Inclusion.This issue affects Easy Invoice: from n/a through = 2.1.4...

6.6CVSS7.1AI score0.00352EPSS
Exploits0References1
EUVD
EUVD
added 2025/11/21 3:31 p.m.5 views

EUVD-2025-198439

Improper Control of Filename for Include/Require Statement in PHP Program 'PHP Remote File Inclusion' vulnerability in MatrixAddons Easy Invoice easy-invoice allows PHP Local File Inclusion.This issue affects Easy Invoice: from n/a through = 2.1.4...

6.6AI score0.00352EPSS
Exploits0References2
NVD
NVD
added 2025/11/21 1:15 p.m.8 views

CVE-2025-66115

Improper Control of Filename for Include/Require Statement in PHP Program 'PHP Remote File Inclusion' vulnerability in MatrixAddons Easy Invoice easy-invoice allows PHP Local File Inclusion.This issue affects Easy Invoice: from n/a through = 2.1.4...

6.6CVSS0.00352EPSS
Exploits0References1
Rows per page
Query Builder