Wp-invoice@* Security Vulnerabilities and Issues — Wp-invoice@* CVE List

Lucene search

UsabilitydynamicsWp-invoice*

7 matches found

CVE•added 2024/01/16 4:15 p.m.•56 views

CVE-2022-1617

The WP-Invoice WordPress plugin through 4.3.1 does not have CSRF check in place when updating its settings, and is lacking sanitisation as well as escaping in some of them, allowing attacker to make a logged in admin change them and add XSS payload in them

6.1CVSS6AI score0.00123EPSS

CVE•added 2019/09/20 3:15 p.m.•49 views

CVE-2016-11008

The wp-invoice plugin before 4.1.1 for WordPress has incorrect access control over wpi_paypal payer metadata updates.

5.3CVSS5.4AI score0.00228EPSS

CVE•added 2019/09/20 3:15 p.m.•46 views

CVE-2016-11007

The wp-invoice plugin before 4.1.1 for WordPress has incorrect access control over wpi_user_id for invoice retrieval.

5.3CVSS5.4AI score0.00319EPSS

CVE•added 2019/09/20 3:15 p.m.•43 views

CVE-2016-11010

The wp-invoice plugin before 4.1.1 for WordPress has incorrect access control over wpi_twocheckout payer metadata updates.

5.3CVSS5.4AI score0.00249EPSS

CVE•added 2019/09/20 3:15 p.m.•42 views

CVE-2016-11009

The wp-invoice plugin before 4.1.1 for WordPress has incorrect access control over wpi_interkassa payer metadata updates.

5.3CVSS5.4AI score0.00228EPSS

CVE•added 2019/09/20 3:15 p.m.•40 views

CVE-2016-11011

The wp-invoice plugin before 4.1.1 for WordPress has wpi_update_user_option privilege escalation.

6.5CVSS6.6AI score0.00168EPSS

CVE•added 2019/09/20 3:15 p.m.•39 views

CVE-2016-11006

The wp-invoice plugin before 4.1.1 for WordPress has incorrect access control for admin_init settings changes.

5.3CVSS5.4AI score0.00228EPSS