EUVD-2016-2001
Malware in sbrugna...
EUVD-2016-2000
Malware in sbrugna...
EUVD-2016-1997
Malware in sbrugna...
EUVD-2016-1999
Malware in sbrugna...
EUVD-2022-24906
Malicious code in bioql PyPI...
CVE-2022-1617
The WP-Invoice WordPress plugin through 4.3.1 does not have CSRF check in place when updating its settings, and is lacking sanitisation as well as escaping in some of them, allowing attacker to make a logged in admin change them and add XSS payload in them...
CVE-2016-11006
The wp-invoice plugin before 4.1.1 for WordPress has incorrect access control for admin_init settings changes...
CVE-2016-11011
The wp-invoice plugin before 4.1.1 for WordPress has wpi_update_user_option privilege escalation...
CVE-2016-11008
The wp-invoice plugin before 4.1.1 for WordPress has incorrect access control over wpi_paypal payer metadata updates...
CVE-2016-11009
The wp-invoice plugin before 4.1.1 for WordPress has incorrect access control over wpi_interkassa payer metadata updates...
CVE-2016-11010
The wp-invoice plugin before 4.1.1 for WordPress has incorrect access control over wpi_twocheckout payer metadata updates...
CVE-2016-11007
The wp-invoice plugin before 4.1.1 for WordPress has incorrect access control over wpi_user_id for invoice retrieval...
CVE-2022-1617
The CVE-2022-1617 entry concerns the WP-Invoice WordPress plugin (versions 4.3.1 and earlier) where missing CSRF protection plus insufficient sanitization/escaping in update settings allows a logged-in administrator to inject stored XSS payloads. Exploitation is demonstrated in multiple sources (...
CVE-2022-1617 WP-Invoice <= 4.3.1 - Stored Cross-Site Scripting via CSRF
The WP-Invoice WordPress plugin through 4.3.1 does not have CSRF check in place when updating its settings, and is lacking sanitisation as well as escaping in some of them, allowing attacker to make a logged in admin change them and add XSS payload in them...
WordPress plugin WP-Invoice security vulnerability
WordPress and WordPress plugin are both products of the WordPress Foundation. WordPress is a blogging platform developed using the PHP language. The platform supports setting up personal blog sites on servers with PHP and MySQL. WordPress plugin is an application plugin. A security vulnerability...
PT-2024-11511 · WordPress · Wp-Invoice
Name of the Vulnerable Software and Affected Versions: WP-Invoice WordPress plugin versions 4.3.1 and earlier Description: The issue is related to the lack of CSRF check when updating settings and insufficient sanitization and escaping in some settings, allowing an attacker to make a logged-in...
WordPress WP-Invoice plugin <= 4.3.1 - Stored Cross-Site Scripting (XSS) via Cross-Site Request Forgery (CSRF) vulnerability
Stored Cross-Site Scripting (XSS) via Cross-Site Request Forgery (CSRF) vulnerability discovered by Mariam Tariq in WordPress WP-Invoice plugin versions <= 4.3.1. Solution: No patched version is available...
WP-Invoice <= 4.3.1 - Arbitrary Settings Update via CSRF
The plugin does not have CSRF check in place when updating its settings, which could allow attacker to make a logged in admin update them and change the minimum role allowed to access the plugin's features to subscriber for example, which would make invoices available to any authenticated users...
WordPress WP-Invoice plugin <= 4.3.1 - Arbitrary Settings Update via Cross-Site Request Forgery (CSRF) vulnerability
Arbitrary Settings Update via Cross-Site Request Forgery (CSRF) vulnerability discovered by WPScanTeam in WordPress WP-Invoice plugin versions <= 4.3.1. Solution: No patched version is available...