High severity7.2NVD Advisory· Published Jan 2, 2023· Updated Jun 17, 2026
CVE-2022-4371
CVE-2022-4371
Description
The Web Invoice WordPress plugin through 2.1.3 does not properly sanitize and escape a parameter before using it in a SQL statement, leading to a SQL Injection exploitable by high privilege users such as admin by default. However, depending on the plugin configuration, other users, such as subscriber could exploit this as well
AI Insight
LLM-synthesized narrative grounded in this CVE's description and references.
Affected products
2<=2.1.3+ 1 more
- (no CPE)range: <=2.1.3
- (no CPE)range: <=2.1.3
Patches
Vulnerability mechanics
References
2- bulletin.iese.de/post/web-invoice_2-1-3_1nvdExploitThird Party Advisory
- wpscan.com/vulnerability/45f43359-98c2-4447-b51b-2d466bad8261nvdExploitThird Party Advisory
News mentions
0No linked articles in our index yet.