Vulmon
usabilitydynamics vulnerabilities and exploits
NA
CVE-2022-1617
The WP-Invoice WordPress plugin up to and including 4.3.1 does not have a CSRF check in place when updating its settings, and lacks sanitisation as well as escaping in some of them, allowing a malicious user to make a logged-in admin change them and add an XSS payload to them.
Usabilitydynamics Wp-invoice
5
CVSSv2
CVE-2016-11006
The wp-invoice plugin prior to 4.1.1 for WordPress has incorrect access control for admin_init settings changes.
Usabilitydynamics Wp-invoice
5
CVSSv2
CVE-2016-11010
The wp-invoice plugin prior to 4.1.1 for WordPress has incorrect access control over wpi_twocheckout payer metadata updates.
Usabilitydynamics Wp-invoice
5
CVSSv2
CVE-2016-11007
The wp-invoice plugin prior to 4.1.1 for WordPress has incorrect access control over wpi_user_id for invoice retrieval.
Usabilitydynamics Wp-invoice
5
CVSSv2
CVE-2016-11009
The wp-invoice plugin prior to 4.1.1 for WordPress has incorrect access control over wpi_interkassa payer metadata updates.
Usabilitydynamics Wp-invoice
5
CVSSv2
CVE-2016-11008
The wp-invoice plugin prior to 4.1.1 for WordPress has incorrect access control over wpi_paypal payer metadata updates.
Usabilitydynamics Wp-invoice
4
CVSSv2
CVE-2016-11011
The wp-invoice plugin prior to 4.1.1 for WordPress has wpi_update_user_option privilege escalation.
Usabilitydynamics Wp-invoice
6.8
CVSSv2
CVE-2022-1202
The WP-CRM WordPress plugin up to and including 1.2.1 does not validate and sanitise fields when exporting people to a CSV file, leading to a CSV injection vulnerability.
Usabilitydynamics Wp-crm