VYPR

WP-Invoice

by WordPress

CVEs (7)

  • CVE-2016-11011MedSep 20, 2019
    risk 0.42cvss 6.5epss 0.01

    The wp-invoice plugin before 4.1.1 for WordPress has wpi_update_user_option privilege escalation.

  • CVE-2022-1617MedJan 16, 2024
    risk 0.40cvss 6.1epss 0.00

    The WP-Invoice WordPress plugin through 4.3.1 does not have CSRF check in place when updating its settings, and is lacking sanitisation as well as escaping in some of them, allowing attacker to make a logged in admin change them and add XSS payload in them

  • CVE-2016-11010MedSep 20, 2019
    risk 0.35cvss 5.3epss 0.02

    The wp-invoice plugin before 4.1.1 for WordPress has incorrect access control over wpi_twocheckout payer metadata updates.

  • CVE-2016-11009MedSep 20, 2019
    risk 0.35cvss 5.3epss 0.02

    The wp-invoice plugin before 4.1.1 for WordPress has incorrect access control over wpi_interkassa payer metadata updates.

  • CVE-2016-11008MedSep 20, 2019
    risk 0.35cvss 5.3epss 0.02

    The wp-invoice plugin before 4.1.1 for WordPress has incorrect access control over wpi_paypal payer metadata updates.

  • CVE-2016-11007MedSep 20, 2019
    risk 0.35cvss 5.3epss 0.02

    The wp-invoice plugin before 4.1.1 for WordPress has incorrect access control over wpi_user_id for invoice retrieval.

  • CVE-2016-11006MedSep 20, 2019
    risk 0.35cvss 5.3epss 0.02

    The wp-invoice plugin before 4.1.1 for WordPress has incorrect access control for admin_init settings changes.