8 Total Results
Attacker Value
Unknown
CVE-2022-1617
Disclosure Date: January 16, 2024 (last updated January 24, 2024)
The WP-Invoice WordPress plugin through 4.3.1 does not have a CSRF check in place when updating its settings, and is lacking sanitisation as well as escaping in some of them, allowing an attacker to make a logged-in admin change them and add an XSS payload to them.
Attacker Value
Unknown
CVE-2022-1202
Disclosure Date: June 13, 2022 (last updated February 23, 2025)
The WP-CRM WordPress plugin through 1.2.1 does not validate and sanitise fields when exporting people to a CSV file, leading to a CSV injection vulnerability.
Attacker Value
Unknown
CVE-2016-11008
Disclosure Date: September 20, 2019 (last updated November 27, 2024)
The wp-invoice plugin before 4.1.1 for WordPress has incorrect access control over wpi_paypal payer metadata updates.
Attacker Value
Unknown
CVE-2016-11010
Disclosure Date: September 20, 2019 (last updated November 27, 2024)
The wp-invoice plugin before 4.1.1 for WordPress has incorrect access control over wpi_twocheckout payer metadata updates.
Attacker Value
Unknown
CVE-2016-11009
Disclosure Date: September 20, 2019 (last updated November 27, 2024)
The wp-invoice plugin before 4.1.1 for WordPress has incorrect access control over wpi_interkassa payer metadata updates.
Attacker Value
Unknown
CVE-2016-11006
Disclosure Date: September 20, 2019 (last updated November 27, 2024)
The wp-invoice plugin before 4.1.1 for WordPress has incorrect access control for admin_init settings changes.
Attacker Value
Unknown
CVE-2016-11011
Disclosure Date: September 20, 2019 (last updated November 27, 2024)
The wp-invoice plugin before 4.1.1 for WordPress has wpi_update_user_option privilege escalation.
Attacker Value
Unknown
CVE-2016-11007
Disclosure Date: September 20, 2019 (last updated November 27, 2024)
The wp-invoice plugin before 4.1.1 for WordPress has incorrect access control over wpi_user_id for invoice retrieval.