26 matches found
CVE-2026-12415
The Invoice Generator plugin for WordPress is vulnerable to privilege escalation due to a missing capability check on the pravelinvoiceeditaccount AJAX action in versions up to, and including, 1.0.0. The handler is exposed via wpajaxnoprivpravelinvoiceeditaccount, accepts an attacker-controlled...
CVE-2026-12415
The CVE concerns the WordPress plugin Invoice Generator. Vulnerable in versions up to 1.0.0 due to a missing capability check on the pravel_invoice_edit_account() AJAX action. The handler is exposed via wp_ajax_nopriv_pravel_invoice_edit_account and accepts attacker-controlled user_id and user_em...
CVE-2026-12415 Invoice Generator <= 1.0.0 - Unauthenticated Privilege Escalation via Account Takeover via 'user_id' Parameter
The Invoice Generator plugin for WordPress is vulnerable to privilege escalation due to a missing capability check on the pravelinvoiceeditaccount AJAX action in versions up to, and including, 1.0.0. The handler is exposed via wpajaxnoprivpravelinvoiceeditaccount, accepts an attacker-controlled...
EUVD-2026-39943
The Invoice Generator plugin for WordPress is vulnerable to privilege escalation due to a missing capability check on the pravelinvoiceeditaccount AJAX action in versions up to, and including, 1.0.0. The handler is exposed via wpajaxnoprivpravelinvoiceeditaccount, accepts an attacker-controlled...
WordPress Invoice Generator plugin <= 1.0.0 - Unauthenticated Account Takeover vulnerability
Unauthenticated Account Takeover vulnerability discovered by Alyudin Nafiie in WordPress Plugin Invoice Generator versions = 1.0.0...
CVE-2026-12416
The Invoice Generator plugin for WordPress is vulnerable to Account Takeover via Password Reset in all versions up to, and including, 1.0.0. This is due to the pravelinvoicechangepassword function being registered as a nopriv AJAX handler with no nonce verification and no authorization check, and...
CVE-2026-12416 Invoice Generator <= 1.0.0 - Unauthenticated Account Takeover via Weak Password Reset Validation via 'reset_user_id' Parameter
The Invoice Generator plugin for WordPress is vulnerable to Account Takeover via Password Reset in all versions up to, and including, 1.0.0. This is due to the pravelinvoicechangepassword function being registered as a nopriv AJAX handler with no nonce verification and no authorization check, and...
EUVD-2026-38680
The Invoice Generator plugin for WordPress is vulnerable to Account Takeover via Password Reset in all versions up to, and including, 1.0.0. This is due to the pravelinvoicechangepassword function being registered as a nopriv AJAX handler with no nonce verification and no authorization check, and...
CVE-2026-12416
The CVE affects the WordPress Invoice Generator plugin up to version 1.0.0. The root cause is pravel_invoice_change_password(), registered as a nopriv AJAX handler without nonce or authorization checks, which compares the supplied reset_activation_code to the user’s forgot_email meta with a loose...
EUVD-2024-49264
Malicious code in bioql PyPI...
EUVD-2023-58873
Malicious code in bioql PyPI...
CVE-2024-8560
A vulnerability, which was classified as critical, was found in SourceCodester Simple Invoice Generator System 1.0. Affected is an unknown function of the file /saveinvoice.php. The manipulation of the argument...
CVE-2023-6650
A vulnerability was found in SourceCodester Simple Invoice Generator System 1.0 and classified as problematic. This issue affects some unknown processing of the file login.php. The manipulation of the argument cashier leads to cross site scripting. The attack may be initiated remotely. The exploi...
CVE-2024-8560
A vulnerability, which was classified as critical, was found in SourceCodester Simple Invoice Generator System 1.0. Affected is an unknown function of the file /saveinvoice.php. The manipulation of the argument...
CVE-2024-8560
A vulnerability, which was classified as critical, was found in SourceCodester Simple Invoice Generator System 1.0. Affected is an unknown function of the file /saveinvoice.php. The manipulation of the argument...
CVE-2024-8560 SourceCodester Simple Invoice Generator System save_invoice.php sql injection
A vulnerability, which was classified as critical, was found in SourceCodester Simple Invoice Generator System 1.0. Affected is an unknown function of the file /saveinvoice.php. The manipulation of the argument...
CVE-2024-8560
The CVE-2024-8560 entry affects SourceCodester Simple Invoice Generator System 1.0. A vulnerability in the /save_invoice.php function allows SQL injection via manipulated parameters (invoice_code, customer, cashier, total_amount, discount_percentage, discount_amount, tendered_amount) and can be e...
PT-2024-39097 · Unknown · Sourcecodester Simple Invoice Generator System
Name of the Vulnerable Software and Affected Versions: SourceCodester Simple Invoice Generator System version 1.0 Description: A critical issue was found in the system, affecting an unknown function of the file /save invoice.php. The manipulation of the arguments invoice code, customer, cashier,...
CVE-2023-6650
A vulnerability was found in SourceCodester Simple Invoice Generator System 1.0 and classified as problematic. This issue affects some unknown processing of the file login.php. The manipulation of the argument cashier leads to cross site scripting. The attack may be initiated remotely. The exploi...
CVE-2023-6650
A vulnerability was found in SourceCodester Simple Invoice Generator System 1.0 and classified as problematic. This issue affects some unknown processing of the file login.php. The manipulation of the argument cashier leads to cross site scripting. The attack may be initiated remotely. The exploi...