Lucene search
K

719 matches found

NVD
NVD
added 10 hours ago3 views

CVE-2026-57418

Missing Authorization vulnerability in BoldGrid Client Invoicing by Sprout Invoices sprout-invoices allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Client Invoicing by Sprout Invoices: from n/a through = 20.8.13...

6.5CVSS
Exploits0References1
Cvelist
Cvelist
added 12 hours ago4 views

CVE-2026-57418 WordPress Client Invoicing by Sprout Invoices plugin <= 20.8.13 - Broken Access Control vulnerability

Missing Authorization vulnerability in BoldGrid Client Invoicing by Sprout Invoices sprout-invoices allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Client Invoicing by Sprout Invoices: from n/a through = 20.8.13...

6.5CVSS
Exploits0References1
CVE
CVE
added 12 hours ago4 views

CVE-2026-57418

CVE-2026-57418 covers a Missing Authorization vulnerability in the WordPress/plugin set associated with Sprout Invoices, specifically the Sprout Invoices Client Invoicing (WordPress plugin, versions up to 20.8.13). The root cause is an Incorrectly Configured Access Control , described as broken a...

6.5CVSS6.1AI score
Exploits0References1
EUVD
EUVD
added 2 days ago5 views

EUVD-2026-43138

The PDF Invoices & Packing Slips for WooCommerce plugin for WordPress is vulnerable to Insecure Direct Object Reference in all versions up to, and including, 5.14.0 via the generatedocumentshortcode due to missing validation on a user controlled key. This makes it possible for authenticated...

4.3CVSS6.1AI score0.00223EPSS
Exploits0References8
Cvelist
Cvelist
added 2 days ago27 views

CVE-2026-13116 PDF Invoices & Packing Slips for WooCommerce <= 5.14.0 - Insecure Direct Object Reference to Authenticated (Contributor+) Sensitive Information Disclosure via 'order_id' Shortcode Attribute

The PDF Invoices & Packing Slips for WooCommerce plugin for WordPress is vulnerable to Insecure Direct Object Reference in all versions up to, and including, 5.14.0 via the generatedocumentshortcode due to missing validation on a user controlled key. This makes it possible for authenticated...

4.3CVSS0.00223EPSS
Exploits0References8
Positive Technologies
Positive Technologies
added 2 days ago11 views

PT-2026-57388

Name of the Vulnerable Software and Affected Versions PDF Invoices & Packing Slips for WooCommerce versions prior to 5.14.1 Description An Insecure Direct Object Reference IDOR exists in the generate document shortcode function due to missing validation on a user-controlled key. Authenticated...

4.3CVSS6.1AI score0.00223EPSS
Exploits0References11
Patchstack
Patchstack
added 5 days ago5 views

WordPress Client Invoicing by Sprout Invoices plugin <= 20.8.13 - Broken Access Control vulnerability

Broken Access Control vulnerability discovered by she11f in WordPress Plugin Client Invoicing by Sprout Invoices versions = 20.8.13...

6.5CVSS6.1AI score
Exploits0Affected Software1
NVD
NVD
added last week6 views

CVE-2026-42331

FOSSBilling is a free, open-source billing and client management system. Prior to version 0.8.0, the Guest API invoice/update endpoint is missing an authorization check present in other invoice-related endpoints, allowing an unauthenticated user with knowledge of an invoice hash to modify the...

7.7CVSS0.00247EPSS
Exploits0References1
Cvelist
Cvelist
added last week33 views

CVE-2026-42331 FOSSBilling missing authorization in guest Invoice API endpoints

FOSSBilling is a free, open-source billing and client management system. Prior to version 0.8.0, the Guest API invoice/update endpoint is missing an authorization check present in other invoice-related endpoints, allowing an unauthenticated user with knowledge of an invoice hash to modify the...

7.7CVSS0.00247EPSS
Exploits0References1
ATTACKERKB
ATTACKERKB
added last week5 views

CVE-2026-42331

FOSSBilling is a free, open-source billing and client management system. Prior to version 0.8.0, the Guest API invoice/update endpoint is missing an authorization check present in other invoice-related endpoints, allowing an unauthenticated user with knowledge of an invoice hash to modify the...

7.7CVSS6AI score0.00247EPSS
Exploits0References2Affected Software1
CVE
CVE
added last week13 views

CVE-2026-42331

FOSSBilling before version 0.8.0 has an authorization gap in the Guest API invoice/update endpoint. An unauthenticated attacker who knows an invoice hash can modify the payment gateway associated with an unpaid invoice, potentially changing gateway_id to any gateway configured in the system. The ...

7.7CVSS6AI score0.00247EPSS
Exploits0References1
ATTACKERKB
ATTACKERKB
added last week5 views

CVE-2026-42341

FOSSBilling is a free, open-source billing and client management system. Versions 0.6.0 through 0.7.2 have an unauthenticated payment bypass vulnerability in FOSSBilling's IPN callback endpoint. When the Custom payment adapter is enabled, an attacker can mark any unpaid invoice as paid and credit...

9.2CVSS6AI score0.00184EPSS
Exploits0References2Affected Software1
Cvelist
Cvelist
added 2026/07/06 2:30 a.m.38 views

CVE-2026-14791 crater-invoice-inc crater Invoice Note InvoicesRequest.php getFormattedString cross site scripting

A weakness has been identified in crater-invoice-inc crater up to 6.0.6. This affects the function getFormattedString of the file app/Http/Requests/InvoicesRequest.php of the component Invoice Note Handler. Executing a manipulation of the argument notes can lead to cross site scripting. The attac...

5.1CVSS0.00203EPSS
Exploits0References6
CVE
CVE
added 2026/07/06 2:30 a.m.19 views

CVE-2026-14791

CVE-2026-14791 affects crater-invoice-inc crater up to 6.0.6. The vulnerability exists in the function getFormattedString of app/Http/Requests/InvoicesRequest.php within the Invoice Note Handler . Manipulating the argument notes may lead to cross-site scripting (XSS) . The attack can be launched ...

5.1CVSS4.1AI score0.00203EPSS
Exploits0References6
NVD
NVD
added 2026/06/26 3:16 p.m.6 views

CVE-2026-56060

Unauthenticated Sensitive Data Exposure in Print Invoice & Delivery Notes for WooCommerce = 7.1.1 versions...

7.5CVSS0.00303EPSS
Exploits0References1
EUVD
EUVD
added 2026/06/26 2:52 p.m.7 views

EUVD-2026-39714

Unauthenticated Sensitive Data Exposure in Print Invoice & Delivery Notes for WooCommerce = 7.1.1 versions...

7.5CVSS5.8AI score0.00303EPSS
Exploits0References1
CVE
CVE
added 2026/06/25 7:9 p.m.20 views

CVE-2026-57521

Bitwarden Server (pre-2026.5.0) has a broken access control in PreviewInvoiceController: any authenticated user can supply an arbitrary organizationId to access that organization’s billing data without membership checks. The issue stems from the missing ManageOrganizationBillingRequirement on the...

5.3CVSS6AI score0.00248EPSS
Exploits1References5Affected Software1
NVD
NVD
added 2026/06/24 7:16 a.m.14 views

CVE-2026-9612

The WhatsOrder – Instant Checkout for WooCommerce plugin for WordPress is vulnerable to Sensitive Information Exposure in all versions up to, and including, 1.0.1 via the yapacdevgenerateorderpdf. This makes it possible for unauthenticated attackers to extract sensitive customer PII and order...

5.3CVSS0.00308EPSS
Exploits0References7
Cvelist
Cvelist
added 2026/06/24 5:33 a.m.34 views

CVE-2026-9612 WhatsOrder <= 1.0.1 - Unauthenticated Sensitive Information Exposure via Predictable Invoice File URLs

The WhatsOrder – Instant Checkout for WooCommerce plugin for WordPress is vulnerable to Sensitive Information Exposure in all versions up to, and including, 1.0.1 via the yapacdevgenerateorderpdf. This makes it possible for unauthenticated attackers to extract sensitive customer PII and order...

5.3CVSS0.00308EPSS
Exploits0References7
ATTACKERKB
ATTACKERKB
added 2026/06/24 5:33 a.m.6 views

CVE-2026-9612

The WhatsOrder – Instant Checkout for WooCommerce plugin for WordPress is vulnerable to Sensitive Information Exposure in all versions up to, and including, 1.0.1 via the yapacdevgenerateorderpdf. This makes it possible for unauthenticated attackers to extract sensitive customer PII and order...

5.3CVSS5.9AI score0.00308EPSS
Exploits0References8
Rows per page
Query Builder