invoices vulnerabilities and exploits
4.3
CVSSv2
CVE-2012-4932
Multiple cross-site scripting (XSS) vulnerabilities in SimpleInvoices before stable-2012-1-CIS3000 allow remote malicious users to inject arbitrary web script or HTML via (1) the having parameter in a manage action to index.php; (2) the Email field in an Add User action; (3) the ...
Simple Invoices Simple Invoices
Simple Invoices Simple Invoices 2007-05-25
Simple Invoices Simple Invoices 2007-01-25
Simple Invoices Simple Invoices 2006-12-11
Simple Invoices Simple Invoices 2007-02-02
1 EDB exploit
5
CVSSv2
CVE-2007-1341
include/auth/auth.php in Simple Invoices prior to 2007 03 05 does not use the login system to protect print preview pages for invoices, which might allow malicious users to obtain sensitive information.
Simple Invoices Simple Invoices 2006-12-11
Simple Invoices Simple Invoices 2007-01-25
Simple Invoices Simple Invoices 2007-02-02
7.5
CVSSv2
CVE-2007-3430
SQL injection vulnerability in index.php in Simple Invoices 2007 05 25 allows remote malicious users to execute arbitrary SQL commands via the submit parameter in an email action.
Simple Invoices Simple Invoices 2007-05-25
1 EDB exploit
6.8
CVSSv2
CVE-2007-0787
PHP remote file inclusion vulnerability in controller.php in Simple Invoices prior to 20070202 allows remote malicious users to execute arbitrary PHP code via a URL in the (1) module or (2) view parameter. NOTE: some of these details are obtained from third party information.
Simple Invoices Simple Invoices 2007-02-02
NA
CVE-2023-2180
The KIWIZ Invoices Certification & PDF System WordPress plugin up to and including 2.1.3 does not validate the path of files to be downloaded, which could allow an unauthenticated malicious user to read/download arbitrary files, as well as perform PHAR unserialization (assuming ...
Kiwiz Invoices Certification & Pdf System Project Kiwiz Invoices Certification & Pdf System
4.3
CVSSv2
CVE-2015-9370
Invoices Add-on for iThemes Exchange prior to 1.4.0 for WordPress has XSS via add_query_arg() and remove_query_arg().
Ithemes Invoices
4.3
CVSSv2
CVE-2015-9516
The Easy Digital Downloads (EDD) Invoices extension for WordPress, as used with EDD 1.8.x prior to 1.8.7, 1.9.x prior to 1.9.10, 2.0.x prior to 2.0.5, 2.1.x prior to 2.1.11, 2.2.x prior to 2.2.9, and 2.3.x prior to 2.3.7, has XSS because add_query_arg is misused.
Sandhillsdev Easy Digital Downloads
Easydigitaldownloads Invoices -
6.8
CVSSv2
CVE-2017-8930
Multiple cross-site request forgery (CSRF) vulnerabilities in Simple Invoices 2013.1.beta.8 allow remote malicious users to hijack the authentication of admins for requests that can (1) create new administrator user accounts and take over the entire application, (2) create regula...
Simpleinvoices Simple Invoices 2013.1
5
CVSSv2
CVE-2020-20625
Sliced Invoices plugin for WordPress 3.8.2 and previous versions allows unauthenticated information disclosure and authenticated SQL injection via core/class-sliced.php.
Slicedinvoices Sliced Invoices 3.8.2
3.5
CVSSv2
CVE-2021-24787
The Client Invoicing by Sprout Invoices WordPress plugin prior to 19.9.7 does not sanitise and escape some of its settings, which could allow high privilege users to perform Cross-Site Scripting attacks even when the unfiltered_html capability is disallowed.
Webventures Client Invoicing By Sprout Invoices