Lucene search
K
UsabilitydynamicsWp-invoice

7 matches found

CVE
CVE
added 2019/09/20 2:47 p.m.74 views

CVE-2016-11011

The CVE-2016-11011 entry concerns the WordPress plugin WP-Invoice prior to version 4.1.1, which is affected by a privilege-escalation vulnerability in the wpi_update_user_option component. The issue enables elevated privileges within the plugin, as described across multiple sources (NVD entry ref...

6.5CVSS6.6AI score0.01374EPSS
CVE
CVE
added 2024/01/16 3:52 p.m.74 views

CVE-2022-1617

The CVE-2022-1617 entry concerns the WP-Invoice WordPress plugin (versions 4.3.1 and earlier) where missing CSRF protection plus insufficient sanitization/escaping in update settings allows a logged-in administrator to inject stored XSS payloads. Exploitation is demonstrated in multiple sources (...

6.1CVSS6AI score0.00266EPSS
Web
CVE
CVE
added 2019/09/20 2:44 p.m.59 views

CVE-2016-11008

The CVE-2016-11008 entry concerns the WordPress plugin WP-Invoice prior to 4.1.1, where there is incorrect access control over wpi_paypal payer metadata updates. The issue is described as an access-control flaw in the handling of PayPal payer metadata, affecting releases before 4.1.1. Public tech...

5.3CVSS5.4AI score0.01766EPSS
CVE
CVE
added 2019/09/20 2:44 p.m.54 views

CVE-2016-11007

The CVE-2016-11007 entry concerns the WordPress plugin WP-Invoice. Affected component: WP-Invoice plugin for WordPress (version prior to 4.1.1). Root cause: incorrect access control over wpi_user_id used for invoice retrieval. Impact: potential information disclosure due to unauthorized access to...

5.3CVSS5.4AI score0.01972EPSS
CVE
CVE
added 2019/09/20 2:45 p.m.54 views

CVE-2016-11009

The CVE-2016-11009 entry affects the WordPress plugin WP-Invoice prior to version 4.1.1 . The vulnerability is caused by incorrect access control over wpi_interkassa payer metadata updates . The impact is described as an access control issue; no exploitation details are provided in the given docu...

5.3CVSS5.4AI score0.01766EPSS
CVE
CVE
added 2019/09/20 2:46 p.m.54 views

CVE-2016-11010

The CVE-2016-11010 entry concerns the WordPress WP-Invoice plugin, affected in versions before 4.1.1. The root cause is incorrect access control over wpi_twocheckout payer metadata updates, enabling potential unauthorized updates to payer data. Public documentation in the provided sources confirm...

5.3CVSS5.4AI score0.01766EPSS
CVE
CVE
added 2019/09/20 2:43 p.m.50 views

CVE-2016-11006

CVE-2016-11006 affects the WP-Invoice WordPress plugin prior to version 4.1.1. The root issue is incorrect access control for admin_init settings changes, enabling potential unauthorized modification of settings. Public details list this as a privilege/permission-related flaw with a medium-severi...

5.3CVSS5.4AI score0.01766EPSS