Lucene search

Usabilitydynamics Security Vulnerabilities

cve

CVE-2022-1617

The WP-Invoice WordPress plugin through 4.3.1 does not have CSRF check in place when updating its settings, and is lacking sanitisation as well as escaping in some of them, allowing attacker to make a logged in admin change them and add XSS payload in...

6.1CVSS

6AI Score

0.0005EPSS

2024-01-16 04:15 PM

cve

CVE-2022-1202

The WP-CRM WordPress plugin through 1.2.1 does not validate and sanitise fields when exporting people to a CSV file, leading to a CSV injection...

7.8CVSS

7.7AI Score

0.001EPSS

2022-06-13 01:15 PM

cve

CVE-2016-11009

The wp-invoice plugin before 4.1.1 for WordPress has incorrect access control over wpi_interkassa payer metadata...

5.3CVSS

5.4AI Score

0.001EPSS

2019-09-20 03:15 PM

cve

CVE-2016-11006

The wp-invoice plugin before 4.1.1 for WordPress has incorrect access control for admin_init settings...

5.3CVSS

5.4AI Score

0.001EPSS

2019-09-20 03:15 PM

cve

CVE-2016-11011

The wp-invoice plugin before 4.1.1 for WordPress has wpi_update_user_option privilege...

6.5CVSS

6.6AI Score

0.001EPSS

2019-09-20 03:15 PM

cve

CVE-2016-11008

The wp-invoice plugin before 4.1.1 for WordPress has incorrect access control over wpi_paypal payer metadata...

5.3CVSS

5.4AI Score

0.001EPSS

2019-09-20 03:15 PM

cve

CVE-2016-11010

The wp-invoice plugin before 4.1.1 for WordPress has incorrect access control over wpi_twocheckout payer metadata...

5.3CVSS

5.4AI Score

0.001EPSS

2019-09-20 03:15 PM

cve

CVE-2016-11007

The wp-invoice plugin before 4.1.1 for WordPress has incorrect access control over wpi_user_id for invoice...

5.3CVSS

5.4AI Score

0.001EPSS

2019-09-20 03:15 PM