Vulmon
Recent Vulnerabilities
Research Posts
Trends
Blog
About
Contact
Vulmon Alerts
By Relevance
By Risk Score
By Publish Date
invoices vulnerabilities and exploits
(subscribe to this query)
4.3
CVSSv3
CVE-2023-4245
The WooCommerce PDF Invoice Builder for WordPress is vulnerable to unauthorized access of data due to a missing capability check on the GetInvoiceDetail function in versions up to, and including, 1.2.89. This makes it possible for subscribers to view arbitrary invoices provided t...
Rednao Woocommerce Pdf Invoice Builder
9.1
CVSSv3
CVE-2021-36800
Akaunting version 2.1.12 and previous versions suffers from a code injection issue in the Money.php component of the application. A POST sent to /{company_id}/sales/invoices/{invoice_id} with an items[0][price] that includes a PHP callable function is executed directly. This issu...
Akaunting Akaunting
NA
CVE-2024-3216
The WooCommerce PDF Invoices, Packing Slips, Delivery Notes and Shipping Labels plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the wt_pklist_reset_settings() function in all versions up to, and including, 4.4.2. This m...
NA
CVE-2015-4381
Cross-site scripting (XSS) vulnerability in the Invoice module 6.x-1.x prior to 6.x-1.2 and 7.x-1.x prior to 7.x-1.3 for Drupal allows remote authenticated users with the "Administer own invoices" permission to inject arbitrary web script or HTML via unspecified vectors...
Invoice Project Invoice 6.x-1.1
Invoice Project Invoice 7.x-1.x-dev
NA
CVE-2015-4382
Multiple cross-site request forgery (CSRF) vulnerabilities in the Invoice module 6.x-1.x prior to 6.x-1.2 and 7.x-1.x prior to 7.x-1.3 for Drupal allow remote malicious users to hijack the authentication of arbitrary users for requests that (1) create, (2) delete, or (3) alter in...
Invoice Project Invoice 7.x-1.x-dev
Invoice Project Invoice 6.x-1.1
7.2
CVSSv3
CVE-2024-3045
The PDF Invoices & Packing Slips for WooCommerce plugin for WordPress is vulnerable to Stored Cross-Site Scripting via several parameters in versions up to, and including, 3.8.0 due to insufficient input sanitization and output escaping. This makes it possible for unauthentic...
7.2
CVSSv3
CVE-2024-3047
The PDF Invoices & Packing Slips for WooCommerce plugin for WordPress is vulnerable to Server-Side Request Forgery in versions up to, and including, 3.8.0 via the transform() function. This can allow unauthenticated malicious users to make web requests to arbitrary locations ...
NA
CVE-2024-0957
The WooCommerce PDF Invoices, Packing Slips, Delivery Notes and Shipping Labels plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the Customer Notes field in all versions up to, and including, 4.4.1 due to insufficient input sanitization and output escaping. T...
4.3
CVSSv3
CVE-2023-3764
The WooCommerce PDF Invoice Builder plugin for WordPress is vulnerable to Cross-Site Request Forgery in versions up to, and including, 1.2.90. This is due to missing or incorrect nonce validation on the Save function. This makes it possible for unauthenticated malicious users to ...
Rednao Woocommerce Pdf Invoice Builder
NA
CVE-2005-0669
Multiple SQL injection vulnerabilities in mod.php for phpCOIN 1.2.0 up to and including 1.2.1b allow remote malicious users to execute arbitrary SQL commands via the (1) the faq_id in the faq mod, (2) the id parameter in the pages mod, (3) the id parameter in the siteinfo module,...
Coinsoft Technologies Phpcoin 1.2
Coinsoft Technologies Phpcoin 1.2.1
Coinsoft Technologies Phpcoin 1.2.1b
CVSSv3
CVSSv2
CVSSv3
VMScore
Recommendations:
CVE-2024-29895
blind SQL injection
CVE-2024-5064
CVE-2023-52677
CVE-2023-52682
CVE-2024-30051
CVE-2024-35849
remote attackers
remote
Vulnerability Notification Service
You don’t have to wait for vulnerability scanning results
Get Started
« PREV
1
2
3
4
5
NEXT »