38 matches found
WordPress Easy Invoice plugin <= 2.1.19 - Remote Code Execution (RCE) vulnerability
Remote Code Execution (RCE) vulnerability discovered by HaiND in WordPress Plugin Easy Invoice versions <= 2.1.19...
EUVD-2026-15188
The PeproDev Ultimate Invoice WordPress plugin through 2.2.5 has a bulk download invoices action that generates ZIP archives containing exported invoice PDFs. The ZIP files are named predictably, making it possible to brute force and retrieve PII...
WordPress plugin Print Invoice & Delivery Notes for WooCommerce security vulnerability
WordPress and WordPress plugins are both products of the WordPress Foundation. WordPress is a blog platform developed using the PHP language. This platform allows users to create personal blog websites on servers based on PHP and MySQL. A WordPress plugin is an application that can be installed t...
CVE-2025-6324 WordPress Easy Invoice plugin <= 2.0.9 - Cross Site Scripting (XSS) vulnerability
Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in MatrixAddons Easy Invoice easy-invoice allows DOM-Based XSS. This issue affects Easy Invoice: from n/a through <= 2.0.9...
WordPress plugin Easy Invoice security vulnerability
WordPress and WordPress plugin are both products of the WordPress Foundation. WordPress is a blogging platform developed using the PHP language. The platform has the ability to host personal blog sites on PHP and MySQL based servers. WordPress plugin is an application plugin. A security vulnerabili...
EUVD-2016-2000
Malware in sbrugna...
EUVD-2016-2001
Malware in sbrugna...
EUVD-2024-50683
Malicious code in bioql PyPI...
EUVD-2022-51722
Malicious code in bioql PyPI...
EUVD-2022-24906
Malicious code in bioql PyPI...
CVE-2022-1617
The WP-Invoice WordPress plugin through 4.3.1 does not have a CSRF check in place when updating its settings, and is lacking sanitisation as well as escaping in some of them, allowing an attacker to make a logged-in admin change them and add an XSS payload in them...
CVE-2022-4371
The Web Invoice WordPress plugin through 2.1.3 does not properly sanitize and escape a parameter before using it in a SQL statement, leading to a SQL Injection exploitable by high privilege users such as admin by default. However, depending on the plugin configuration, other users, such as...
CVE-2022-4372
The Web Invoice WordPress plugin through 2.1.3 does not properly sanitize and escape a parameter before using it in a SQL statement, leading to a SQL Injection exploitable by high privilege users such as admin by default. However, depending on the plugin configuration, other users, such as...
CVE-2016-11009
The wp-invoice plugin before 4.1.1 for WordPress has incorrect access control over wpiinterkassa payer metadata updates...
CVE-2016-11010
The wp-invoice plugin before 4.1.1 for WordPress has incorrect access control over wpitwocheckout payer metadata updates...
CVE-2016-11007
The wp-invoice plugin before 4.1.1 for WordPress has incorrect access control over wpiuserid for invoice retrieval...
CVE-2024-13640 Print Invoice & Delivery Notes for WooCommerce <= 5.4.1 - Unauthenticated Sensitive Information Exposure Through Unprotected Directory
The Print Invoice & Delivery Notes for WooCommerce plugin for WordPress is vulnerable to Sensitive Information Exposure in all versions up to, and including, 5.4.1 via the 'wcdn/invoice' directory. This makes it possible for unauthenticated attackers to extract sensitive data stored insecurely in...
CVE-2024-49298 WordPress PeproDev Ultimate Invoice plugin <= 2.0.6 - Cross Site Scripting (XSS) vulnerability
Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in Pepro Dev. Group PeproDev Ultimate Invoice pepro-ultimate-invoice allows Stored XSS. This issue affects PeproDev Ultimate Invoice: from n/a through <= 2.0.6...
WordPress Expert Invoice plugin <= 1.0.2 - Authenticated Stored Cross-Site Scripting vulnerability
Authenticated Stored Cross-Site Scripting vulnerability discovered by Guido Iván García Duva in WordPress Plugin Expert Invoice versions <= 1.0.2...
PT-2024-29873 · Arconix +1 · Arconix Faq +2
Name of the Vulnerable Software and Affected Versions: Print Invoice & Delivery Notes for WooCommerce versions 4.8.1 and earlier; Arconix Shortcodes versions 2.1.10 and earlier; Arconix FAQ versions 1.9.3 and earlier. Description: The issue is related to a Missing Authorization vulnerability. This...