Lucene search
K

1785 matches found

NVD
NVD
added yesterday3 views

CVE-2026-57393

Exposure of Sensitive System Information to an Unauthorized Control Sphere vulnerability in EDGARROJAS WooCommerce PDF Invoice Builder woo-pdf-invoice-builder allows Retrieve Embedded Sensitive Data.This issue affects WooCommerce PDF Invoice Builder: from n/a through = 2.0.8...

6.5CVSS0.00371EPSS
Exploits0References1
CVE
CVE
added yesterday5 views

CVE-2026-57393

CVE-2026-57393 affects the WordPress plugin WooCommerce PDF Invoice Builder (plugin slug woo-pdf-invoice-builder) up to version ≤ 2.0.8. The vulnerability is described as an Exposure of Sensitive System Information to an Unauthorized Control Sphere that allows retrieval of embedded sensitive data...

6.5CVSS6.1AI score0.00371EPSS
Exploits0References1
Nuclei
Nuclei
added yesterday21 views

WordPress Print Invoice & Delivery Notes for WooCommerce <= 5.8.0 - Remote Code Execution

Print Invoice & Delivery Notes for WooCommerce plugin for WordPress = 5.8.0 contains a remote code execution caused by missing capability check, PHP enabled in Dompdf, and missing escape in template.php, letting unauthenticated attackers execute code on the server. id: CVE-2025-13773 info: name:...

9.8CVSS6.6AI score0.032EPSS
Exploits0References3
CVE
CVE
added 4 days ago11 views

CVE-2026-9857

The CVE concerns the WordPress Invoice123 plugin (versions

4.3CVSS6.1AI score0.00288EPSS
Exploits0References12
EUVD
EUVD
added 4 days ago8 views

EUVD-2026-42859

The Invoice123 plugin for WordPress is vulnerable to authorization bypass in all versions up to, and including, 1.7.0. This is due to the plugin not properly verifying that a user is authorized to perform an action. This makes it possible for authenticated attackers, with subscriber-level access...

4.3CVSS6.1AI score0.00288EPSS
Exploits0References12
NVD
NVD
added 5 days ago6 views

CVE-2026-9021

The Easy Invoice plugin for WordPress is vulnerable to Missing Authorization in versions up to, and including, 2.1.19. This is due to the plugin registering the easyinvoiceacceptquote and easyinvoicedeclinequote AJAX actions via wpajaxnopriv hooks and relying solely on a quote-scoped nonce that i...

5.3CVSS0.00297EPSS
Exploits0References10
CVE
CVE
added 5 days ago11 views

CVE-2026-9021

The CVE concerns the WordPress plugin Easy Invoice (WordPress plugin) with vulnerability in versions up to 2.1.19. The root cause is Missing Authorization via AJAX actions easy_invoice_accept_quote and easy_invoice_decline_quote , registered with wp_ajax_nopriv_ hooks and relying on a quote-scope...

5.3CVSS6AI score0.00297EPSS
Exploits0References10
Cvelist
Cvelist
added 5 days ago29 views

CVE-2026-9021 Easy Invoice <= 2.1.19 - Unauthenticated Arbitrary Quote Accept/Decline and Invoice Creation via easy_invoice_accept_quote / easy_invoice_decline_quote AJAX Actions

The Easy Invoice plugin for WordPress is vulnerable to Missing Authorization in versions up to, and including, 2.1.19. This is due to the plugin registering the easyinvoiceacceptquote and easyinvoicedeclinequote AJAX actions via wpajaxnopriv hooks and relying solely on a quote-scoped nonce that i...

5.3CVSS0.00297EPSS
Exploits0References10
ATTACKERKB
ATTACKERKB
added 5 days ago6 views

CVE-2026-9021

The Easy Invoice plugin for WordPress is vulnerable to Missing Authorization in versions up to, and including, 2.1.19. This is due to the plugin registering the easyinvoiceacceptquote and easyinvoicedeclinequote AJAX actions via wpajaxnopriv hooks and relying solely on a quote-scoped nonce that i...

5.3CVSS6AI score0.00297EPSS
Exploits0References11
EUVD
EUVD
added 5 days ago8 views

EUVD-2026-42567

The Easy Invoice plugin for WordPress is vulnerable to Missing Authorization in versions up to, and including, 2.1.19. This is due to the plugin registering the easyinvoiceacceptquote and easyinvoicedeclinequote AJAX actions via wpajaxnopriv hooks and relying solely on a quote-scoped nonce that i...

5.3CVSS6AI score0.00297EPSS
Exploits0References10
Patchstack
Patchstack
added 6 days ago4 views

WordPress WooCommerce PDF Invoice Builder plugin <= 2.0.8 - Sensitive Data Exposure vulnerability

Sensitive Data Exposure vulnerability discovered by Ananda Dhakal Patchstack in WordPress Plugin WooCommerce PDF Invoice Builder versions = 2.0.8...

6.5CVSS6.1AI score0.00371EPSS
Exploits0Affected Software1
NVD
NVD
added 2026/07/06 10:16 p.m.7 views

CVE-2026-43928

FOSSBilling is a free, open-source billing and client management system. Prior to version 0.8.0, the PayPalEmail payment adapter accepts PayPal IPN callbacks and credits the IPN-supplied amount mcgross to the client's balance without validating it against the invoice total. Combined with a $0.05...

2.3CVSS0.00274EPSS
Exploits0References1
Cvelist
Cvelist
added 2026/07/06 9:53 p.m.32 views

CVE-2026-43928 FOSSBilling: Payment amount not validated in PayPalEmail adapter allows invoice underpayment

FOSSBilling is a free, open-source billing and client management system. Prior to version 0.8.0, the PayPalEmail payment adapter accepts PayPal IPN callbacks and credits the IPN-supplied amount mcgross to the client's balance without validating it against the invoice total. Combined with a $0.05...

2.3CVSS0.00274EPSS
Exploits0References1
ATTACKERKB
ATTACKERKB
added 2026/07/06 9:53 p.m.6 views

CVE-2026-43928

FOSSBilling is a free, open-source billing and client management system. Prior to version 0.8.0, the PayPalEmail payment adapter accepts PayPal IPN callbacks and credits the IPN-supplied amount mcgross to the client's balance without validating it against the invoice total. Combined with a $0.05...

2.3CVSS5.9AI score0.00274EPSS
Exploits0References2Affected Software1
CVE
CVE
added 2026/07/06 9:53 p.m.12 views

CVE-2026-43928

FOSSBilling PayPalEmail integration before 0.8.0 credits mc_gross from IPN without validating against the invoice total, combined with a $0.05 epsilon in the credit logic, enabling underpayment of up to $0.04 while marking invoices as paid. Version 0.8.0 patches the issue. No public workaround ex...

2.3CVSS5.9AI score0.00274EPSS
Exploits0References1
OSV
OSV
added 2026/07/06 9:53 p.m.1 views

CVE-2026-43928 FOSSBilling: Payment amount not validated in PayPalEmail adapter allows invoice underpayment

FOSSBilling is a free, open-source billing and client management system. Prior to version 0.8.0, the PayPalEmail payment adapter accepts PayPal IPN callbacks and credits the IPN-supplied amount mcgross to the client's balance without validating it against the invoice total. Combined with a $0.05...

2.3CVSS5.9AI score0.00274EPSS
Exploits0References3
NVD
NVD
added 2026/07/06 9:16 p.m.8 views

CVE-2026-42341

FOSSBilling is a free, open-source billing and client management system. Versions 0.6.0 through 0.7.2 have an unauthenticated payment bypass vulnerability in FOSSBilling's IPN callback endpoint. When the Custom payment adapter is enabled, an attacker can mark any unpaid invoice as paid and credit...

9.2CVSS0.00184EPSS
Exploits0References1
NVD
NVD
added 2026/07/06 9:16 p.m.6 views

CVE-2026-42331

FOSSBilling is a free, open-source billing and client management system. Prior to version 0.8.0, the Guest API invoice/update endpoint is missing an authorization check present in other invoice-related endpoints, allowing an unauthenticated user with knowledge of an invoice hash to modify the...

7.7CVSS0.00247EPSS
Exploits0References1
Cvelist
Cvelist
added 2026/07/06 9:0 p.m.33 views

CVE-2026-42331 FOSSBilling missing authorization in guest Invoice API endpoints

FOSSBilling is a free, open-source billing and client management system. Prior to version 0.8.0, the Guest API invoice/update endpoint is missing an authorization check present in other invoice-related endpoints, allowing an unauthenticated user with knowledge of an invoice hash to modify the...

7.7CVSS0.00247EPSS
Exploits0References1
EUVD
EUVD
added 2026/07/06 9:0 p.m.8 views

EUVD-2026-41947

FOSSBilling is a free, open-source billing and client management system. Prior to version 0.8.0, the Guest API invoice/update endpoint is missing an authorization check present in other invoice-related endpoints, allowing an unauthenticated user with knowledge of an invoice hash to modify the...

7.7CVSS6AI score0.00247EPSS
Exploits0References1
Rows per page
Query Builder