CVE-2026-8611 Klamra Paycal for Aspaclaria <= 1.1.4 - Insecure Direct Object Reference to Authenticated (Subscriber+) Sensitive Information Exposure via 'invoice_id' Parameter

The Klamra Paycal for Aspaclaria plugin for WordPress is vulnerable to Insecure Direct Object Reference in all versions up to, and including, 1.1.4 via the 'invoiceid' parameter due to missing validation on a user controlled key. This makes it possible for authenticated attackers, with...

CVE-2026-7093

A vulnerability was found in code-projects Invoice System in Laravel 1.0. Affected by this vulnerability is an unknown functionality of the file /invoice/ of the component Invoice Endpoint. Performing a manipulation of the argument ID results in improper authorization. The attack is possible to b...

CVE-2026-5234 LatePoint <= 5.3.2 - Insecure Direct Object Reference to Unauthenticated Sensitive Financial Data Exposure via Sequential Invoice ID

The LatePoint plugin for WordPress is vulnerable to Insecure Direct Object Reference in all versions up to, and including, 5.3.2. The vulnerability exists because the OsStripeConnectController::createpaymentintentfortransaction action is registered as a public action no authentication required an...

WordPress LatePoint plugin <= 5.3.2 - Insecure Direct Object Reference to Unauthenticated Sensitive Financial Data Exposure via Sequential Invoice ID vulnerability

Insecure Direct Object Reference to Unauthenticated Sensitive Financial Data Exposure via Sequential Invoice ID vulnerability discovered by darkmode in WordPress Plugin LatePoint versions = 5.3.2...

Skuul School Management System has an Insecure Direct Object Reference (IDOR) Vulnerability in View Fee Invoice

A security flaw has been discovered in yungifez Skuul School Management System up to 2.6.5. The impacted element is an unknown function of the file /dashboard/fees/fee-invoices/ of the component View Fee Invoice. Performing manipulation of the argument invoiceid results in improper control of...

Skuul school management system 安全漏洞

Skuul school management system is a school management system by the individual developer Marvellous Ifezue. A security vulnerability exists in Skuul school management system version 2.6.5 and earlier, which stems from incorrect manipulation of the parameter invoiceid in the file...

CVE-2023-36238

Insecure Direct Object Reference IDOR in Bagisto v.1.5.1 allows an attacker to obtain sensitive information via the invoice ID parameter...

GHSA-PMC7-HMMW-G96Q Bagisto vulnerable to Insecure Direct Object Reference (IDOR)

Insecure Direct Object Reference IDOR in Bagisto v.1.5.0 allows an attacker to obtain sensitive information via the invoice ID parameter...

CVE-2023-36238

Insecure Direct Object Reference IDOR in Bagisto v.1.5.1 allows an attacker to obtain sensitive information via the invoice ID parameter...

CVE-2023-36238

Insecure Direct Object Reference IDOR in Bagisto v.1.5.1 allows an attacker to obtain sensitive information via the invoice ID parameter...

Design/Logic Flaw

The WooCommerce PDF Invoice Builder for WordPress is vulnerable to unauthorized access of data due to a missing capability check on the GetInvoiceDetail function in versions up to, and including, 1.2.89. This makes it possible for subscribers to view arbitrary invoices provided they can guess the...