CVE-2026-8611

The Klamra Paycal for Aspaclaria plugin for WordPress is vulnerable to Insecure Direct Object Reference in all versions up to, and including, 1.1.4 via the 'invoiceid' parameter due to missing validation on a user controlled key. This makes it possible for authenticated attackers, with...

CVE-2026-8611 Klamra Paycal for Aspaclaria <= 1.1.4 - Insecure Direct Object Reference to Authenticated (Subscriber+) Sensitive Information Exposure via 'invoice_id' Parameter

The Klamra Paycal for Aspaclaria plugin for WordPress is vulnerable to Insecure Direct Object Reference in all versions up to, and including, 1.1.4 via the 'invoiceid' parameter due to missing validation on a user controlled key. This makes it possible for authenticated attackers, with...

CVE-2026-5234

The LatePoint WordPress plugin (versions

Resource Injection

Overview yungifez/skuul is an A multi school management system. Affected versions of this package are vulnerable to Resource Injection via the invoiceid parameter in the /dashboard/fees/fee-invoices/. A user can access unauthorized resources by manipulating this parameter remotely. Remediation...

CVE-2025-12918

A security flaw has been discovered in yungifez Skuul School Management System up to 2.6.5. The impacted element is an unknown function of the file /dashboard/fees/fee-invoices/ of the component View Fee Invoice. Performing manipulation of the argument invoiceid results in improper control of...

CVE-2025-12918

A security flaw has been discovered in yungifez Skuul School Management System up to 2.6.5. The impacted element is an unknown function of the file /dashboard/fees/fee-invoices/ of the component View Fee Invoice. Performing manipulation of the argument invoiceid results in improper control of...

CVE-2025-12918 yungifez Skuul School Management System View Fee Invoice fee-invoices resource injection

A security flaw has been discovered in yungifez Skuul School Management System up to 2.6.5. The impacted element is an unknown function of the file /dashboard/fees/fee-invoices/ of the component View Fee Invoice. Performing manipulation of the argument invoiceid results in improper control of...

CVE-2025-12918 yungifez Skuul School Management System View Fee Invoice fee-invoices resource injection

A security flaw has been discovered in yungifez Skuul School Management System up to 2.6.5. The impacted element is an unknown function of the file /dashboard/fees/fee-invoices/ of the component View Fee Invoice. Performing manipulation of the argument invoiceid results in improper control of...

PT-2025-45577

Name of the Vulnerable Software and Affected Versions yungifez Skuul School Management System versions up to 2.6.5 Description A security flaw exists in yungifez Skuul School Management System. Manipulation of the invoice id argument within an unknown function of the /dashboard/fees/fee-invoices/...

CVE-2023-36238

Insecure Direct Object Reference IDOR in Bagisto v.1.5.1 allows an attacker to obtain sensitive information via the invoice ID parameter...