42 matches found
CVE-2026-9857
The CVE concerns the WordPress Invoice123 plugin (versions
CVE-2026-9021 Easy Invoice <= 2.1.19 - Unauthenticated Arbitrary Quote Accept/Decline and Invoice Creation via easy_invoice_accept_quote / easy_invoice_decline_quote AJAX Actions
The Easy Invoice plugin for WordPress is vulnerable to Missing Authorization in versions up to, and including, 2.1.19. This is due to the plugin registering the easyinvoiceacceptquote and easyinvoicedeclinequote AJAX actions via wpajaxnopriv hooks and relying solely on a quote-scoped nonce that i...
CVE-2026-9021
The CVE concerns the WordPress plugin Easy Invoice (WordPress plugin) with vulnerability in versions up to 2.1.19. The root cause is Missing Authorization via AJAX actions easy_invoice_accept_quote and easy_invoice_decline_quote , registered with wp_ajax_nopriv_ hooks and relying on a quote-scope...
CVE-2026-48836
The CVE-2026-48836 entry concerns the WordPress Easy Invoice plugin (versions ≤ 2.1.19) with an unauthenticated Remote Code Execution (RCE) vulnerability. According to connected sources, an RCE exists in Easy Invoice up to 2.1.19; the Patchstack listing notes a critical CVSS 3.1 vector (AV:N/AC:L...
WordPress Easy Invoice plugin <= 2.1.19 - Remote Code Execution (RCE) vulnerability
Remote Code Execution RCE vulnerability discovered by HaiND in WordPress Plugin Easy Invoice versions = 2.1.19...
EUVD-2026-15188
The PeproDev Ultimate Invoice WordPress plugin through 2.2.5 has a bulk download invoices action that generates ZIP archives containing exported invoice PDFs. The ZIP files are named predictably making it possible to brute force and retreive PII...
WordPress plugin Print Invoice & Delivery Notes for WooCommerce 安全漏洞
WordPress and WordPress plugins are both products of the WordPress Foundation. WordPress is a blog platform developed using the PHP language. This platform allows users to create personal blog websites on servers based on PHP and MySQL. A WordPress plugin is an application that can be installed t...
CVE-2025-6324 WordPress Easy Invoice plugin <= 2.0.9 - Cross Site Scripting (XSS) vulnerability
Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in MatrixAddons Easy Invoice easy-invoice allows DOM-Based XSS.This issue affects Easy Invoice: from n/a through = 2.0.9...
WordPress plugin Easy Invoice 安全漏洞
WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a blogging platform developed using the PHP language. The platform has the ability to host personal blog sites on PHP and MySQL based servers.WordPress plugin is an application plugin. A security vulnerabili...
EUVD-2016-2001
Malware in sbrugna...
EUVD-2016-2000
Malware in sbrugna...
EUVD-2022-51722
Malicious code in bioql PyPI...
EUVD-2024-50683
Malicious code in bioql PyPI...
EUVD-2022-24906
Malicious code in bioql PyPI...
CVE-2022-1617
The WP-Invoice WordPress plugin through 4.3.1 does not have CSRF check in place when updating its settings, and is lacking sanitisation as well as escaping in some of them, allowing attacker to make a logged in admin change them and add XSS payload in them...
CVE-2022-4371
The Web Invoice WordPress plugin through 2.1.3 does not properly sanitize and escape a parameter before using it in a SQL statement, leading to a SQL Injection exploitable by high privilege users such as admin by default. However, depending on the plugin configuration, other users, such as...
CVE-2022-4372
The Web Invoice WordPress plugin through 2.1.3 does not properly sanitize and escape a parameter before using it in a SQL statement, leading to a SQL Injection exploitable by high privilege users such as admin by default. However, depending on the plugin configuration, other users, such as...
CVE-2016-11009
The wp-invoice plugin before 4.1.1 for WordPress has incorrect access control over wpiinterkassa payer metadata updates...
CVE-2016-11010
The wp-invoice plugin before 4.1.1 for WordPress has incorrect access control over wpitwocheckout payer metadata updates...
CVE-2016-11007
The wp-invoice plugin before 4.1.1 for WordPress has incorrect access control over wpiuserid for invoice retrieval...