7 matches found
CVE-2016-11011
The CVE-2016-11011 entry concerns the WordPress plugin WP-Invoice prior to version 4.1.1, which is affected by a privilege-escalation vulnerability in the wpi_update_user_option component. The issue enables elevated privileges within the plugin, as described across multiple sources (NVD entry ref...
CVE-2022-1617
The CVE-2022-1617 entry concerns the WP-Invoice WordPress plugin (versions 4.3.1 and earlier) where missing CSRF protection plus insufficient sanitization/escaping in update settings allows a logged-in administrator to inject stored XSS payloads. Exploitation is demonstrated in multiple sources (...
CVE-2016-11008
The CVE-2016-11008 entry concerns the WordPress plugin WP-Invoice prior to 4.1.1, where there is incorrect access control over wpi_paypal payer metadata updates. The issue is described as an access-control flaw in the handling of PayPal payer metadata, affecting releases before 4.1.1. Public tech...
CVE-2016-11007
The CVE-2016-11007 entry concerns the WordPress plugin WP-Invoice. Affected component: WP-Invoice plugin for WordPress (version prior to 4.1.1). Root cause: incorrect access control over wpi_user_id used for invoice retrieval. Impact: potential information disclosure due to unauthorized access to...
CVE-2016-11009
The CVE-2016-11009 entry affects the WordPress plugin WP-Invoice prior to version 4.1.1 . The vulnerability is caused by incorrect access control over wpi_interkassa payer metadata updates . The impact is described as an access control issue; no exploitation details are provided in the given docu...
CVE-2016-11010
The CVE-2016-11010 entry concerns the WordPress WP-Invoice plugin, affected in versions before 4.1.1. The root cause is incorrect access control over wpi_twocheckout payer metadata updates, enabling potential unauthorized updates to payer data. Public documentation in the provided sources confirm...
CVE-2016-11006
CVE-2016-11006 affects the WP-Invoice WordPress plugin prior to version 4.1.1. The root issue is incorrect access control for admin_init settings changes, enabling potential unauthorized modification of settings. Public details list this as a privilege/permission-related flaw with a medium-severi...