Vulmon
Recent Vulnerabilities
Research Posts
Trends
Blog
About
Contact
Vulmon Alerts
By Relevance
By Risk Score
By Publish Date
usabilitydynamics wp-invoice vulnerabilities and exploits
(subscribe to this query)
NA
CVE-2022-1617
The WP-Invoice WordPress plugin up to and including 4.3.1 does not have CSRF check in place when updating its settings, and is lacking sanitisation as well as escaping in some of them, allowing malicious user to make a logged in admin change them and add XSS payload in them
Usabilitydynamics Wp-invoice
445
VMScore
CVE-2016-11006
The wp-invoice plugin prior to 4.1.1 for WordPress has incorrect access control for admin_init settings changes.
Usabilitydynamics Wp-invoice
445
VMScore
CVE-2016-11009
The wp-invoice plugin prior to 4.1.1 for WordPress has incorrect access control over wpi_interkassa payer metadata updates.
Usabilitydynamics Wp-invoice
356
VMScore
CVE-2016-11011
The wp-invoice plugin prior to 4.1.1 for WordPress has wpi_update_user_option privilege escalation.
Usabilitydynamics Wp-invoice
445
VMScore
CVE-2016-11007
The wp-invoice plugin prior to 4.1.1 for WordPress has incorrect access control over wpi_user_id for invoice retrieval.
Usabilitydynamics Wp-invoice
445
VMScore
CVE-2016-11008
The wp-invoice plugin prior to 4.1.1 for WordPress has incorrect access control over wpi_paypal payer metadata updates.
Usabilitydynamics Wp-invoice
445
VMScore
CVE-2016-11010
The wp-invoice plugin prior to 4.1.1 for WordPress has incorrect access control over wpi_twocheckout payer metadata updates.
Usabilitydynamics Wp-invoice
VMScore
CVSSv2
CVSSv3
VMScore
Recommendations:
CVE-2024-4761
command injection
CVE-2024-3676
IDOR
CVE-2024-30039
CVE-2024-32113
CVE-2024-30049
CVE-2024-4776
SQL injection
Vulnerability Notification Service
You don’t have to wait for vulnerability scanning results
Get Started