Wp Invoice

wp-invoice

CVEs (7)

CVE VENDORS PRODUCTS UPDATED PUBLISHED CVSS
CVE-2022-1617 1Usabilitydynamics 1Wp Invoice Jun 11, 2025 Jan 16, 2024 N/A· v4 6.1 MEDIUM· v3 N/A· v2 The WP-Invoice WordPress plugin through 4.3.1 does not have CSRF check in place when updating its settings, and is lacking sanitisation as well as escaping in some of them, allowing attacker to make a logged in admin cha...Show more The WP-Invoice WordPress plugin through 4.3.1 does not have CSRF check in place when updating its settings, and is lacking sanitisation as well as escaping in some of them, allowing attacker to make a logged in admin change them and add XSS payload in themShow less
CVE-2016-11011 1Usabilitydynamics 1Wp Invoice Nov 21, 2024 Sep 20, 2019 N/A· v4 6.5 MEDIUM· v3 4.0 MEDIUM· v2 The wp-invoice plugin before 4.1.1 for WordPress has wpi_update_user_option privilege escalation.
CVE-2016-11010 1Usabilitydynamics 1Wp Invoice Nov 21, 2024 Sep 20, 2019 N/A· v4 5.3 MEDIUM· v3 5.0 MEDIUM· v2 The wp-invoice plugin before 4.1.1 for WordPress has incorrect access control over wpi_twocheckout payer metadata updates.
CVE-2016-11009 1Usabilitydynamics 1Wp Invoice Nov 21, 2024 Sep 20, 2019 N/A· v4 5.3 MEDIUM· v3 5.0 MEDIUM· v2 The wp-invoice plugin before 4.1.1 for WordPress has incorrect access control over wpi_interkassa payer metadata updates.
CVE-2016-11008 1Usabilitydynamics 1Wp Invoice Nov 21, 2024 Sep 20, 2019 N/A· v4 5.3 MEDIUM· v3 5.0 MEDIUM· v2 The wp-invoice plugin before 4.1.1 for WordPress has incorrect access control over wpi_paypal payer metadata updates.
CVE-2016-11007 1Usabilitydynamics 1Wp Invoice Nov 21, 2024 Sep 20, 2019 N/A· v4 5.3 MEDIUM· v3 5.0 MEDIUM· v2 The wp-invoice plugin before 4.1.1 for WordPress has incorrect access control over wpi_user_id for invoice retrieval.
CVE-2016-11006 1Usabilitydynamics 1Wp Invoice Nov 21, 2024 Sep 20, 2019 N/A· v4 5.3 MEDIUM· v3 5.0 MEDIUM· v2 The wp-invoice plugin before 4.1.1 for WordPress has incorrect access control for admin_init settings changes.