High severity7.2NVD Advisory· Published Jan 2, 2023· Updated Jun 17, 2026
CVE-2022-4372
CVE-2022-4372
Description
The Web Invoice WordPress plugin through 2.1.3 does not properly sanitize and escape a parameter before using it in a SQL statement, leading to a SQL Injection exploitable by high privilege users such as admin by default. However, depending on the plugin configuration, other users, such as subscriber could exploit this as well
AI Insight
LLM-synthesized narrative grounded in this CVE's description and references.
Affected products
2<=2.1.3+ 1 more
- (no CPE)range: <=2.1.3
- (no CPE)range: <=2.1.3
Patches
Vulnerability mechanics
References
2- bulletin.iese.de/post/web-invoice_2-1-3_2nvdExploitThird Party Advisory
- wpscan.com/vulnerability/218f8015-e14b-46a8-889d-08b2b822f8aenvdExploitThird Party Advisory
News mentions
0No linked articles in our index yet.