
    16 vulnerabilities by usabilitydynamics

    CVE-2022-1617 (GCVE-0-2022-1617)

    Vulnerability from cvelistv5 – Published: 2024-01-16 15:52 – Updated: 2025-06-11 17:14
    VLAI
    Title
    WP-Invoice <= 4.3.1 - Stored Cross-Site Scripting via CSRF
    Summary
    The WP-Invoice WordPress plugin through 4.3.1 does not have a CSRF check in place when updating its settings, and lacks sanitisation as well as escaping in some of them, allowing an attacker to make a logged-in admin change them and add an XSS payload to them.
    SSVC
    Exploitation: poc Automatable: no Technical Impact: partial
    CISA Coordinator (v2.0.3)
    Assigner
    References
    URL Tags
    https://wpscan.com/vulnerability/7e40e506-ad02-44ca-9d21-3634f3907aad/ exploit, vdb-entry, technical-description
    Impacted products
    Vendor Product Version
    Unknown WP-Invoice Affected: 0 , ≤ 4.3.1 (semver)
    Credits
    Mariam Tariq WPScan

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-03T00:10:03.762Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "tags": [
                  "exploit",
                  "vdb-entry",
                  "technical-description",
                  "x_transferred"
                ],
                "url": "https://wpscan.com/vulnerability/7e40e506-ad02-44ca-9d21-3634f3907aad/"
              }
            ],
            "title": "CVE Program Container"
          },
          {
            "metrics": [
              {
                "cvssV3_1": {
                  "attackComplexity": "LOW",
                  "attackVector": "NETWORK",
                  "availabilityImpact": "NONE",
                  "baseScore": 6.1,
                  "baseSeverity": "MEDIUM",
                  "confidentialityImpact": "LOW",
                  "integrityImpact": "LOW",
                  "privilegesRequired": "NONE",
                  "scope": "CHANGED",
                  "userInteraction": "REQUIRED",
                  "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N",
                  "version": "3.1"
                }
              },
              {
                "other": {
                  "content": {
                    "id": "CVE-2022-1617",
                    "options": [
                      {
                        "Exploitation": "poc"
                      },
                      {
                        "Automatable": "no"
                      },
                      {
                        "Technical Impact": "partial"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2024-01-16T20:40:57.114293Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2025-06-11T17:14:19.258Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          }
        ],
        "cna": {
          "affected": [
            {
              "collectionURL": "https://wordpress.org/plugins",
              "defaultStatus": "affected",
              "product": "WP-Invoice",
              "vendor": "Unknown",
              "versions": [
                {
                  "lessThanOrEqual": "4.3.1",
                  "status": "affected",
                  "version": "0",
                  "versionType": "semver"
                }
              ]
            }
          ],
          "credits": [
            {
              "lang": "en",
              "type": "finder",
              "value": "Mariam Tariq"
            },
            {
              "lang": "en",
              "type": "coordinator",
              "value": "WPScan"
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "value": "The WP-Invoice WordPress plugin through 4.3.1 does not have CSRF check in place when updating its settings, and is lacking sanitisation as well as escaping in some of them, allowing attacker to make a logged in admin change them and add XSS payload in them"
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "description": "CWE-352 Cross-Site Request Forgery (CSRF)",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            },
            {
              "descriptions": [
                {
                  "description": "CWE-79 Cross-Site Scripting (XSS)",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2024-01-16T15:52:49.812Z",
            "orgId": "1bfdd5d7-9bf6-4a53-96ea-42e2716d7a81",
            "shortName": "WPScan"
          },
          "references": [
            {
              "tags": [
                "exploit",
                "vdb-entry",
                "technical-description"
              ],
              "url": "https://wpscan.com/vulnerability/7e40e506-ad02-44ca-9d21-3634f3907aad/"
            }
          ],
          "source": {
            "discovery": "EXTERNAL"
          },
          "title": "WP-Invoice \u003c= 4.3.1 - Stored Cross-Site Scripting via CSRF",
          "x_generator": {
            "engine": "WPScan CVE Generator"
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "1bfdd5d7-9bf6-4a53-96ea-42e2716d7a81",
        "assignerShortName": "WPScan",
        "cveId": "CVE-2022-1617",
        "datePublished": "2024-01-16T15:52:49.812Z",
        "dateReserved": "2022-05-07T08:28:34.626Z",
        "dateUpdated": "2025-06-11T17:14:19.258Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2022-1202 (GCVE-0-2022-1202)

    Vulnerability from cvelistv5 – Published: 2022-06-13 12:41 – Updated: 2024-08-02 23:55
    VLAI
    Title
    WP-CRM <= 1.2.1 - CSV Injection
    Summary
    The WP-CRM WordPress plugin through 1.2.1 does not validate and sanitise fields when exporting people to a CSV file, leading to a CSV injection vulnerability.
    Severity
    No CVSS data available.
    CWE
    • CWE-1236 - Improper Neutralization of Formula Elements in a CSV File
    Assigner
    References
    Impacted products
    Credits
    Ankur Bakre

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-02T23:55:24.229Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "tags": [
                  "x_refsource_MISC",
                  "x_transferred"
                ],
                "url": "https://wpscan.com/vulnerability/53c8190c-baef-4807-970b-f01ab440576a"
              }
            ],
            "title": "CVE Program Container"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "WP-CRM \u2013 Customer Relations Management for WordPress",
              "vendor": "Unknown",
              "versions": [
                {
                  "lessThanOrEqual": "1.2.1",
                  "status": "affected",
                  "version": "1.2.1",
                  "versionType": "custom"
                }
              ]
            }
          ],
          "credits": [
            {
              "lang": "en",
              "value": "Ankur Bakre"
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "value": "The WP-CRM WordPress plugin through 1.2.1 does not validate and sanitise fields when exporting people to a CSV file, leading to a CSV injection vulnerability."
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-1236",
                  "description": "CWE-1236 Improper Neutralization of Formula Elements in a CSV File",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2022-06-13T12:41:41.000Z",
            "orgId": "1bfdd5d7-9bf6-4a53-96ea-42e2716d7a81",
            "shortName": "WPScan"
          },
          "references": [
            {
              "tags": [
                "x_refsource_MISC"
              ],
              "url": "https://wpscan.com/vulnerability/53c8190c-baef-4807-970b-f01ab440576a"
            }
          ],
          "source": {
            "discovery": "EXTERNAL"
          },
          "title": "WP-CRM \u003c= 1.2.1 - CSV Injection",
          "x_generator": "WPScan CVE Generator",
          "x_legacyV4Record": {
            "CVE_data_meta": {
              "ASSIGNER": "contact@wpscan.com",
              "ID": "CVE-2022-1202",
              "STATE": "PUBLIC",
              "TITLE": "WP-CRM \u003c= 1.2.1 - CSV Injection"
            },
            "affects": {
              "vendor": {
                "vendor_data": [
                  {
                    "product": {
                      "product_data": [
                        {
                          "product_name": "WP-CRM \u2013 Customer Relations Management for WordPress",
                          "version": {
                            "version_data": [
                              {
                                "version_affected": "\u003c=",
                                "version_name": "1.2.1",
                                "version_value": "1.2.1"
                              }
                            ]
                          }
                        }
                      ]
                    },
                    "vendor_name": "Unknown"
                  }
                ]
              }
            },
            "credit": [
              {
                "lang": "eng",
                "value": "Ankur Bakre"
              }
            ],
            "data_format": "MITRE",
            "data_type": "CVE",
            "data_version": "4.0",
            "description": {
              "description_data": [
                {
                  "lang": "eng",
                  "value": "The WP-CRM WordPress plugin through 1.2.1 does not validate and sanitise fields when exporting people to a CSV file, leading to a CSV injection vulnerability."
                }
              ]
            },
            "generator": "WPScan CVE Generator",
            "problemtype": {
              "problemtype_data": [
                {
                  "description": [
                    {
                      "lang": "eng",
                      "value": "CWE-1236 Improper Neutralization of Formula Elements in a CSV File"
                    }
                  ]
                }
              ]
            },
            "references": {
              "reference_data": [
                {
                  "name": "https://wpscan.com/vulnerability/53c8190c-baef-4807-970b-f01ab440576a",
                  "refsource": "MISC",
                  "url": "https://wpscan.com/vulnerability/53c8190c-baef-4807-970b-f01ab440576a"
                }
              ]
            },
            "source": {
              "discovery": "EXTERNAL"
            }
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "1bfdd5d7-9bf6-4a53-96ea-42e2716d7a81",
        "assignerShortName": "WPScan",
        "cveId": "CVE-2022-1202",
        "datePublished": "2022-06-13T12:41:41.000Z",
        "dateReserved": "2022-04-01T00:00:00.000Z",
        "dateUpdated": "2024-08-02T23:55:24.229Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2016-11011 (GCVE-0-2016-11011)

    Vulnerability from cvelistv5 – Published: 2019-09-20 14:47 – Updated: 2024-08-06 03:47
    VLAI
    Summary
    The wp-invoice plugin before 4.1.1 for WordPress has wpi_update_user_option privilege escalation.
    Severity
    No CVSS data available.
    CWE
    • n/a
    Assigner

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-06T03:47:34.109Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "tags": [
                  "x_refsource_MISC",
                  "x_transferred"
                ],
                "url": "https://wpvulndb.com/vulnerabilities/8378"
              },
              {
                "tags": [
                  "x_refsource_MISC",
                  "x_transferred"
                ],
                "url": "https://wordpress.org/plugins/wp-invoice/#developers"
              },
              {
                "tags": [
                  "x_refsource_MISC",
                  "x_transferred"
                ],
                "url": "http://www.pritect.net/blog/wp-invoice-4-1-1-security-vulnerabilities"
              }
            ],
            "title": "CVE Program Container"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "n/a",
              "vendor": "n/a",
              "versions": [
                {
                  "status": "affected",
                  "version": "n/a"
                }
              ]
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "value": "The wp-invoice plugin before 4.1.1 for WordPress has wpi_update_user_option privilege escalation."
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "description": "n/a",
                  "lang": "en",
                  "type": "text"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2019-09-20T14:47:29.000Z",
            "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
            "shortName": "mitre"
          },
          "references": [
            {
              "tags": [
                "x_refsource_MISC"
              ],
              "url": "https://wpvulndb.com/vulnerabilities/8378"
            },
            {
              "tags": [
                "x_refsource_MISC"
              ],
              "url": "https://wordpress.org/plugins/wp-invoice/#developers"
            },
            {
              "tags": [
                "x_refsource_MISC"
              ],
              "url": "http://www.pritect.net/blog/wp-invoice-4-1-1-security-vulnerabilities"
            }
          ],
          "x_legacyV4Record": {
            "CVE_data_meta": {
              "ASSIGNER": "cve@mitre.org",
              "ID": "CVE-2016-11011",
              "STATE": "PUBLIC"
            },
            "affects": {
              "vendor": {
                "vendor_data": [
                  {
                    "product": {
                      "product_data": [
                        {
                          "product_name": "n/a",
                          "version": {
                            "version_data": [
                              {
                                "version_value": "n/a"
                              }
                            ]
                          }
                        }
                      ]
                    },
                    "vendor_name": "n/a"
                  }
                ]
              }
            },
            "data_format": "MITRE",
            "data_type": "CVE",
            "data_version": "4.0",
            "description": {
              "description_data": [
                {
                  "lang": "eng",
                  "value": "The wp-invoice plugin before 4.1.1 for WordPress has wpi_update_user_option privilege escalation."
                }
              ]
            },
            "problemtype": {
              "problemtype_data": [
                {
                  "description": [
                    {
                      "lang": "eng",
                      "value": "n/a"
                    }
                  ]
                }
              ]
            },
            "references": {
              "reference_data": [
                {
                  "name": "https://wpvulndb.com/vulnerabilities/8378",
                  "refsource": "MISC",
                  "url": "https://wpvulndb.com/vulnerabilities/8378"
                },
                {
                  "name": "https://wordpress.org/plugins/wp-invoice/#developers",
                  "refsource": "MISC",
                  "url": "https://wordpress.org/plugins/wp-invoice/#developers"
                },
                {
                  "name": "http://www.pritect.net/blog/wp-invoice-4-1-1-security-vulnerabilities",
                  "refsource": "MISC",
                  "url": "http://www.pritect.net/blog/wp-invoice-4-1-1-security-vulnerabilities"
                }
              ]
            }
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
        "assignerShortName": "mitre",
        "cveId": "CVE-2016-11011",
        "datePublished": "2019-09-20T14:47:29.000Z",
        "dateReserved": "2019-09-20T00:00:00.000Z",
        "dateUpdated": "2024-08-06T03:47:34.109Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2016-11010 (GCVE-0-2016-11010)

    Vulnerability from cvelistv5 – Published: 2019-09-20 14:46 – Updated: 2024-08-06 03:47
    VLAI
    Summary
    The wp-invoice plugin before 4.1.1 for WordPress has incorrect access control over wpi_twocheckout payer metadata updates.
    Severity
    No CVSS data available.
    CWE
    • n/a
    Assigner

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-06T03:47:34.409Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "tags": [
                  "x_refsource_MISC",
                  "x_transferred"
                ],
                "url": "https://wpvulndb.com/vulnerabilities/8378"
              },
              {
                "tags": [
                  "x_refsource_MISC",
                  "x_transferred"
                ],
                "url": "https://wordpress.org/plugins/wp-invoice/#developers"
              },
              {
                "tags": [
                  "x_refsource_MISC",
                  "x_transferred"
                ],
                "url": "http://www.pritect.net/blog/wp-invoice-4-1-1-security-vulnerabilities"
              }
            ],
            "title": "CVE Program Container"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "n/a",
              "vendor": "n/a",
              "versions": [
                {
                  "status": "affected",
                  "version": "n/a"
                }
              ]
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "value": "The wp-invoice plugin before 4.1.1 for WordPress has incorrect access control over wpi_twocheckout payer metadata updates."
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "description": "n/a",
                  "lang": "en",
                  "type": "text"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2019-09-20T14:46:10.000Z",
            "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
            "shortName": "mitre"
          },
          "references": [
            {
              "tags": [
                "x_refsource_MISC"
              ],
              "url": "https://wpvulndb.com/vulnerabilities/8378"
            },
            {
              "tags": [
                "x_refsource_MISC"
              ],
              "url": "https://wordpress.org/plugins/wp-invoice/#developers"
            },
            {
              "tags": [
                "x_refsource_MISC"
              ],
              "url": "http://www.pritect.net/blog/wp-invoice-4-1-1-security-vulnerabilities"
            }
          ],
          "x_legacyV4Record": {
            "CVE_data_meta": {
              "ASSIGNER": "cve@mitre.org",
              "ID": "CVE-2016-11010",
              "STATE": "PUBLIC"
            },
            "affects": {
              "vendor": {
                "vendor_data": [
                  {
                    "product": {
                      "product_data": [
                        {
                          "product_name": "n/a",
                          "version": {
                            "version_data": [
                              {
                                "version_value": "n/a"
                              }
                            ]
                          }
                        }
                      ]
                    },
                    "vendor_name": "n/a"
                  }
                ]
              }
            },
            "data_format": "MITRE",
            "data_type": "CVE",
            "data_version": "4.0",
            "description": {
              "description_data": [
                {
                  "lang": "eng",
                  "value": "The wp-invoice plugin before 4.1.1 for WordPress has incorrect access control over wpi_twocheckout payer metadata updates."
                }
              ]
            },
            "problemtype": {
              "problemtype_data": [
                {
                  "description": [
                    {
                      "lang": "eng",
                      "value": "n/a"
                    }
                  ]
                }
              ]
            },
            "references": {
              "reference_data": [
                {
                  "name": "https://wpvulndb.com/vulnerabilities/8378",
                  "refsource": "MISC",
                  "url": "https://wpvulndb.com/vulnerabilities/8378"
                },
                {
                  "name": "https://wordpress.org/plugins/wp-invoice/#developers",
                  "refsource": "MISC",
                  "url": "https://wordpress.org/plugins/wp-invoice/#developers"
                },
                {
                  "name": "http://www.pritect.net/blog/wp-invoice-4-1-1-security-vulnerabilities",
                  "refsource": "MISC",
                  "url": "http://www.pritect.net/blog/wp-invoice-4-1-1-security-vulnerabilities"
                }
              ]
            }
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
        "assignerShortName": "mitre",
        "cveId": "CVE-2016-11010",
        "datePublished": "2019-09-20T14:46:10.000Z",
        "dateReserved": "2019-09-20T00:00:00.000Z",
        "dateUpdated": "2024-08-06T03:47:34.409Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2016-11009 (GCVE-0-2016-11009)

    Vulnerability from cvelistv5 – Published: 2019-09-20 14:45 – Updated: 2024-08-06 03:47
    VLAI
    Summary
    The wp-invoice plugin before 4.1.1 for WordPress has incorrect access control over wpi_interkassa payer metadata updates.
    Severity
    No CVSS data available.
    CWE
    • n/a
    Assigner

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-06T03:47:33.979Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "tags": [
                  "x_refsource_MISC",
                  "x_transferred"
                ],
                "url": "https://wpvulndb.com/vulnerabilities/8378"
              },
              {
                "tags": [
                  "x_refsource_MISC",
                  "x_transferred"
                ],
                "url": "https://wordpress.org/plugins/wp-invoice/#developers"
              },
              {
                "tags": [
                  "x_refsource_MISC",
                  "x_transferred"
                ],
                "url": "http://www.pritect.net/blog/wp-invoice-4-1-1-security-vulnerabilities"
              }
            ],
            "title": "CVE Program Container"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "n/a",
              "vendor": "n/a",
              "versions": [
                {
                  "status": "affected",
                  "version": "n/a"
                }
              ]
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "value": "The wp-invoice plugin before 4.1.1 for WordPress has incorrect access control over wpi_interkassa payer metadata updates."
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "description": "n/a",
                  "lang": "en",
                  "type": "text"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2019-09-20T14:45:30.000Z",
            "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
            "shortName": "mitre"
          },
          "references": [
            {
              "tags": [
                "x_refsource_MISC"
              ],
              "url": "https://wpvulndb.com/vulnerabilities/8378"
            },
            {
              "tags": [
                "x_refsource_MISC"
              ],
              "url": "https://wordpress.org/plugins/wp-invoice/#developers"
            },
            {
              "tags": [
                "x_refsource_MISC"
              ],
              "url": "http://www.pritect.net/blog/wp-invoice-4-1-1-security-vulnerabilities"
            }
          ],
          "x_legacyV4Record": {
            "CVE_data_meta": {
              "ASSIGNER": "cve@mitre.org",
              "ID": "CVE-2016-11009",
              "STATE": "PUBLIC"
            },
            "affects": {
              "vendor": {
                "vendor_data": [
                  {
                    "product": {
                      "product_data": [
                        {
                          "product_name": "n/a",
                          "version": {
                            "version_data": [
                              {
                                "version_value": "n/a"
                              }
                            ]
                          }
                        }
                      ]
                    },
                    "vendor_name": "n/a"
                  }
                ]
              }
            },
            "data_format": "MITRE",
            "data_type": "CVE",
            "data_version": "4.0",
            "description": {
              "description_data": [
                {
                  "lang": "eng",
                  "value": "The wp-invoice plugin before 4.1.1 for WordPress has incorrect access control over wpi_interkassa payer metadata updates."
                }
              ]
            },
            "problemtype": {
              "problemtype_data": [
                {
                  "description": [
                    {
                      "lang": "eng",
                      "value": "n/a"
                    }
                  ]
                }
              ]
            },
            "references": {
              "reference_data": [
                {
                  "name": "https://wpvulndb.com/vulnerabilities/8378",
                  "refsource": "MISC",
                  "url": "https://wpvulndb.com/vulnerabilities/8378"
                },
                {
                  "name": "https://wordpress.org/plugins/wp-invoice/#developers",
                  "refsource": "MISC",
                  "url": "https://wordpress.org/plugins/wp-invoice/#developers"
                },
                {
                  "name": "http://www.pritect.net/blog/wp-invoice-4-1-1-security-vulnerabilities",
                  "refsource": "MISC",
                  "url": "http://www.pritect.net/blog/wp-invoice-4-1-1-security-vulnerabilities"
                }
              ]
            }
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
        "assignerShortName": "mitre",
        "cveId": "CVE-2016-11009",
        "datePublished": "2019-09-20T14:45:30.000Z",
        "dateReserved": "2019-09-20T00:00:00.000Z",
        "dateUpdated": "2024-08-06T03:47:33.979Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2016-11008 (GCVE-0-2016-11008)

    Vulnerability from cvelistv5 – Published: 2019-09-20 14:44 – Updated: 2024-08-06 03:47
    VLAI
    Summary
    The wp-invoice plugin before 4.1.1 for WordPress has incorrect access control over wpi_paypal payer metadata updates.
    Severity
    No CVSS data available.
    CWE
    • n/a
    Assigner

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-06T03:47:34.071Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "tags": [
                  "x_refsource_MISC",
                  "x_transferred"
                ],
                "url": "https://wpvulndb.com/vulnerabilities/8378"
              },
              {
                "tags": [
                  "x_refsource_MISC",
                  "x_transferred"
                ],
                "url": "https://wordpress.org/plugins/wp-invoice/#developers"
              },
              {
                "tags": [
                  "x_refsource_MISC",
                  "x_transferred"
                ],
                "url": "http://www.pritect.net/blog/wp-invoice-4-1-1-security-vulnerabilities"
              }
            ],
            "title": "CVE Program Container"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "n/a",
              "vendor": "n/a",
              "versions": [
                {
                  "status": "affected",
                  "version": "n/a"
                }
              ]
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "value": "The wp-invoice plugin before 4.1.1 for WordPress has incorrect access control over wpi_paypal payer metadata updates."
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "description": "n/a",
                  "lang": "en",
                  "type": "text"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2019-09-20T14:44:47.000Z",
            "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
            "shortName": "mitre"
          },
          "references": [
            {
              "tags": [
                "x_refsource_MISC"
              ],
              "url": "https://wpvulndb.com/vulnerabilities/8378"
            },
            {
              "tags": [
                "x_refsource_MISC"
              ],
              "url": "https://wordpress.org/plugins/wp-invoice/#developers"
            },
            {
              "tags": [
                "x_refsource_MISC"
              ],
              "url": "http://www.pritect.net/blog/wp-invoice-4-1-1-security-vulnerabilities"
            }
          ],
          "x_legacyV4Record": {
            "CVE_data_meta": {
              "ASSIGNER": "cve@mitre.org",
              "ID": "CVE-2016-11008",
              "STATE": "PUBLIC"
            },
            "affects": {
              "vendor": {
                "vendor_data": [
                  {
                    "product": {
                      "product_data": [
                        {
                          "product_name": "n/a",
                          "version": {
                            "version_data": [
                              {
                                "version_value": "n/a"
                              }
                            ]
                          }
                        }
                      ]
                    },
                    "vendor_name": "n/a"
                  }
                ]
              }
            },
            "data_format": "MITRE",
            "data_type": "CVE",
            "data_version": "4.0",
            "description": {
              "description_data": [
                {
                  "lang": "eng",
                  "value": "The wp-invoice plugin before 4.1.1 for WordPress has incorrect access control over wpi_paypal payer metadata updates."
                }
              ]
            },
            "problemtype": {
              "problemtype_data": [
                {
                  "description": [
                    {
                      "lang": "eng",
                      "value": "n/a"
                    }
                  ]
                }
              ]
            },
            "references": {
              "reference_data": [
                {
                  "name": "https://wpvulndb.com/vulnerabilities/8378",
                  "refsource": "MISC",
                  "url": "https://wpvulndb.com/vulnerabilities/8378"
                },
                {
                  "name": "https://wordpress.org/plugins/wp-invoice/#developers",
                  "refsource": "MISC",
                  "url": "https://wordpress.org/plugins/wp-invoice/#developers"
                },
                {
                  "name": "http://www.pritect.net/blog/wp-invoice-4-1-1-security-vulnerabilities",
                  "refsource": "MISC",
                  "url": "http://www.pritect.net/blog/wp-invoice-4-1-1-security-vulnerabilities"
                }
              ]
            }
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
        "assignerShortName": "mitre",
        "cveId": "CVE-2016-11008",
        "datePublished": "2019-09-20T14:44:47.000Z",
        "dateReserved": "2019-09-20T00:00:00.000Z",
        "dateUpdated": "2024-08-06T03:47:34.071Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2016-11007 (GCVE-0-2016-11007)

    Vulnerability from cvelistv5 – Published: 2019-09-20 14:44 – Updated: 2024-08-06 03:47
    VLAI
    Summary
    The wp-invoice plugin before 4.1.1 for WordPress has incorrect access control over wpi_user_id for invoice retrieval.
    Severity
    No CVSS data available.
    CWE
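    • n/a (the record assigns no CWE; the summary describes incorrect access control. The record's structured product and version fields are also "n/a", so the affected range, before 4.1.1, is stated only in the summary text.)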
    Assigner

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-06T03:47:34.129Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "tags": [
                  "x_refsource_MISC",
                  "x_transferred"
                ],
                "url": "https://wpvulndb.com/vulnerabilities/8378"
              },
              {
                "tags": [
                  "x_refsource_MISC",
                  "x_transferred"
                ],
                "url": "https://wordpress.org/plugins/wp-invoice/#developers"
              },
              {
                "tags": [
                  "x_refsource_MISC",
                  "x_transferred"
                ],
                "url": "http://www.pritect.net/blog/wp-invoice-4-1-1-security-vulnerabilities"
              }
            ],
            "title": "CVE Program Container"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "n/a",
              "vendor": "n/a",
              "versions": [
                {
                  "status": "affected",
                  "version": "n/a"
                }
              ]
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "value": "The wp-invoice plugin before 4.1.1 for WordPress has incorrect access control over wpi_user_id for invoice retrieval."
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "description": "n/a",
                  "lang": "en",
                  "type": "text"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2019-09-20T14:44:13.000Z",
            "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
            "shortName": "mitre"
          },
          "references": [
            {
              "tags": [
                "x_refsource_MISC"
              ],
              "url": "https://wpvulndb.com/vulnerabilities/8378"
            },
            {
              "tags": [
                "x_refsource_MISC"
              ],
              "url": "https://wordpress.org/plugins/wp-invoice/#developers"
            },
            {
              "tags": [
                "x_refsource_MISC"
              ],
              "url": "http://www.pritect.net/blog/wp-invoice-4-1-1-security-vulnerabilities"
            }
          ],
          "x_legacyV4Record": {
            "CVE_data_meta": {
              "ASSIGNER": "cve@mitre.org",
              "ID": "CVE-2016-11007",
              "STATE": "PUBLIC"
            },
            "affects": {
              "vendor": {
                "vendor_data": [
                  {
                    "product": {
                      "product_data": [
                        {
                          "product_name": "n/a",
                          "version": {
                            "version_data": [
                              {
                                "version_value": "n/a"
                              }
                            ]
                          }
                        }
                      ]
                    },
                    "vendor_name": "n/a"
                  }
                ]
              }
            },
            "data_format": "MITRE",
            "data_type": "CVE",
            "data_version": "4.0",
            "description": {
              "description_data": [
                {
                  "lang": "eng",
                  "value": "The wp-invoice plugin before 4.1.1 for WordPress has incorrect access control over wpi_user_id for invoice retrieval."
                }
              ]
            },
            "problemtype": {
              "problemtype_data": [
                {
                  "description": [
                    {
                      "lang": "eng",
                      "value": "n/a"
                    }
                  ]
                }
              ]
            },
            "references": {
              "reference_data": [
                {
                  "name": "https://wpvulndb.com/vulnerabilities/8378",
                  "refsource": "MISC",
                  "url": "https://wpvulndb.com/vulnerabilities/8378"
                },
                {
                  "name": "https://wordpress.org/plugins/wp-invoice/#developers",
                  "refsource": "MISC",
                  "url": "https://wordpress.org/plugins/wp-invoice/#developers"
                },
                {
                  "name": "http://www.pritect.net/blog/wp-invoice-4-1-1-security-vulnerabilities",
                  "refsource": "MISC",
                  "url": "http://www.pritect.net/blog/wp-invoice-4-1-1-security-vulnerabilities"
                }
              ]
            }
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
        "assignerShortName": "mitre",
        "cveId": "CVE-2016-11007",
        "datePublished": "2019-09-20T14:44:13.000Z",
        "dateReserved": "2019-09-20T00:00:00.000Z",
        "dateUpdated": "2024-08-06T03:47:34.129Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2016-11006 (GCVE-0-2016-11006)

    Vulnerability from cvelistv5 – Published: 2019-09-20 14:43 – Updated: 2024-08-06 03:47
    VLAI
    Summary
    The wp-invoice plugin before 4.1.1 for WordPress has incorrect access control for admin_init settings changes.
    Severity
    No CVSS data available.
    CWE
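    • n/a (the record assigns no CWE; the summary describes incorrect access control. The record's structured product and version fields are also "n/a", so the affected range, before 4.1.1, is stated only in the summary text.)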
    Assigner

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-06T03:47:33.957Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "tags": [
                  "x_refsource_MISC",
                  "x_transferred"
                ],
                "url": "https://wpvulndb.com/vulnerabilities/8378"
              },
              {
                "tags": [
                  "x_refsource_MISC",
                  "x_transferred"
                ],
                "url": "https://wordpress.org/plugins/wp-invoice/#developers"
              },
              {
                "tags": [
                  "x_refsource_MISC",
                  "x_transferred"
                ],
                "url": "http://www.pritect.net/blog/wp-invoice-4-1-1-security-vulnerabilities"
              }
            ],
            "title": "CVE Program Container"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "n/a",
              "vendor": "n/a",
              "versions": [
                {
                  "status": "affected",
                  "version": "n/a"
                }
              ]
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "value": "The wp-invoice plugin before 4.1.1 for WordPress has incorrect access control for admin_init settings changes."
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "description": "n/a",
                  "lang": "en",
                  "type": "text"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2019-09-20T14:43:10.000Z",
            "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
            "shortName": "mitre"
          },
          "references": [
            {
              "tags": [
                "x_refsource_MISC"
              ],
              "url": "https://wpvulndb.com/vulnerabilities/8378"
            },
            {
              "tags": [
                "x_refsource_MISC"
              ],
              "url": "https://wordpress.org/plugins/wp-invoice/#developers"
            },
            {
              "tags": [
                "x_refsource_MISC"
              ],
              "url": "http://www.pritect.net/blog/wp-invoice-4-1-1-security-vulnerabilities"
            }
          ],
          "x_legacyV4Record": {
            "CVE_data_meta": {
              "ASSIGNER": "cve@mitre.org",
              "ID": "CVE-2016-11006",
              "STATE": "PUBLIC"
            },
            "affects": {
              "vendor": {
                "vendor_data": [
                  {
                    "product": {
                      "product_data": [
                        {
                          "product_name": "n/a",
                          "version": {
                            "version_data": [
                              {
                                "version_value": "n/a"
                              }
                            ]
                          }
                        }
                      ]
                    },
                    "vendor_name": "n/a"
                  }
                ]
              }
            },
            "data_format": "MITRE",
            "data_type": "CVE",
            "data_version": "4.0",
            "description": {
              "description_data": [
                {
                  "lang": "eng",
                  "value": "The wp-invoice plugin before 4.1.1 for WordPress has incorrect access control for admin_init settings changes."
                }
              ]
            },
            "problemtype": {
              "problemtype_data": [
                {
                  "description": [
                    {
                      "lang": "eng",
                      "value": "n/a"
                    }
                  ]
                }
              ]
            },
            "references": {
              "reference_data": [
                {
                  "name": "https://wpvulndb.com/vulnerabilities/8378",
                  "refsource": "MISC",
                  "url": "https://wpvulndb.com/vulnerabilities/8378"
                },
                {
                  "name": "https://wordpress.org/plugins/wp-invoice/#developers",
                  "refsource": "MISC",
                  "url": "https://wordpress.org/plugins/wp-invoice/#developers"
                },
                {
                  "name": "http://www.pritect.net/blog/wp-invoice-4-1-1-security-vulnerabilities",
                  "refsource": "MISC",
                  "url": "http://www.pritect.net/blog/wp-invoice-4-1-1-security-vulnerabilities"
                }
              ]
            }
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
        "assignerShortName": "mitre",
        "cveId": "CVE-2016-11006",
        "datePublished": "2019-09-20T14:43:10.000Z",
        "dateReserved": "2019-09-20T00:00:00.000Z",
        "dateUpdated": "2024-08-06T03:47:33.957Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2022-1617 (GCVE-0-2022-1617)

    Vulnerability from nvd – Published: 2024-01-16 15:52 – Updated: 2025-06-11 17:14
    VLAI
    Title
    WP-Invoice <= 4.3.1 - Stored Cross-Site Scripting via CSRF
    Summary
    The WP-Invoice WordPress plugin through 4.3.1 does not have CSRF check in place when updating its settings, and is lacking sanitisation as well as escaping in some of them, allowing attacker to make a logged in admin change them and add XSS payload in them
    SSVC
    Exploitation: poc Automatable: no Technical Impact: partial
    CISA Coordinator (v2.0.3)
    Assigner
    References
    URL Tags
    https://wpscan.com/vulnerability/7e40e506-ad02-44ca-9d21-3634f3907aad/ exploit, vdb-entry, technical-description
    Impacted products
    Vendor Product Version
    Unknown WP-Invoice Affected: 0 , ≤ 4.3.1 (semver)
    Credits
    Mariam Tariq (finder), WPScan (coordinator)

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-03T00:10:03.762Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "tags": [
                  "exploit",
                  "vdb-entry",
                  "technical-description",
                  "x_transferred"
                ],
                "url": "https://wpscan.com/vulnerability/7e40e506-ad02-44ca-9d21-3634f3907aad/"
              }
            ],
            "title": "CVE Program Container"
          },
          {
            "metrics": [
              {
                "cvssV3_1": {
                  "attackComplexity": "LOW",
                  "attackVector": "NETWORK",
                  "availabilityImpact": "NONE",
                  "baseScore": 6.1,
                  "baseSeverity": "MEDIUM",
                  "confidentialityImpact": "LOW",
                  "integrityImpact": "LOW",
                  "privilegesRequired": "NONE",
                  "scope": "CHANGED",
                  "userInteraction": "REQUIRED",
                  "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N",
                  "version": "3.1"
                }
              },
              {
                "other": {
                  "content": {
                    "id": "CVE-2022-1617",
                    "options": [
                      {
                        "Exploitation": "poc"
                      },
                      {
                        "Automatable": "no"
                      },
                      {
                        "Technical Impact": "partial"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2024-01-16T20:40:57.114293Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2025-06-11T17:14:19.258Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          }
        ],
        "cna": {
          "affected": [
            {
              "collectionURL": "https://wordpress.org/plugins",
              "defaultStatus": "affected",
              "product": "WP-Invoice",
              "vendor": "Unknown",
              "versions": [
                {
                  "lessThanOrEqual": "4.3.1",
                  "status": "affected",
                  "version": "0",
                  "versionType": "semver"
                }
              ]
            }
          ],
          "credits": [
            {
              "lang": "en",
              "type": "finder",
              "value": "Mariam Tariq"
            },
            {
              "lang": "en",
              "type": "coordinator",
              "value": "WPScan"
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "value": "The WP-Invoice WordPress plugin through 4.3.1 does not have CSRF check in place when updating its settings, and is lacking sanitisation as well as escaping in some of them, allowing attacker to make a logged in admin change them and add XSS payload in them"
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "description": "CWE-352 Cross-Site Request Forgery (CSRF)",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            },
            {
              "descriptions": [
                {
                  "description": "CWE-79 Cross-Site Scripting (XSS)",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2024-01-16T15:52:49.812Z",
            "orgId": "1bfdd5d7-9bf6-4a53-96ea-42e2716d7a81",
            "shortName": "WPScan"
          },
          "references": [
            {
              "tags": [
                "exploit",
                "vdb-entry",
                "technical-description"
              ],
              "url": "https://wpscan.com/vulnerability/7e40e506-ad02-44ca-9d21-3634f3907aad/"
            }
          ],
          "source": {
            "discovery": "EXTERNAL"
          },
          "title": "WP-Invoice \u003c= 4.3.1 - Stored Cross-Site Scripting via CSRF",
          "x_generator": {
            "engine": "WPScan CVE Generator"
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "1bfdd5d7-9bf6-4a53-96ea-42e2716d7a81",
        "assignerShortName": "WPScan",
        "cveId": "CVE-2022-1617",
        "datePublished": "2024-01-16T15:52:49.812Z",
        "dateReserved": "2022-05-07T08:28:34.626Z",
        "dateUpdated": "2025-06-11T17:14:19.258Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2022-1202 (GCVE-0-2022-1202)

    Vulnerability from nvd – Published: 2022-06-13 12:41 – Updated: 2024-08-02 23:55
    VLAI
    Title
    WP-CRM <= 1.2.1 - CSV Injection
    Summary
    The WP-CRM WordPress plugin through 1.2.1 does not validate and sanitise fields when exporting people to a CSV file, leading to a CSV injection vulnerability.
    Severity
    No CVSS data available.
    CWE
    • CWE-1236 - Improper Neutralization of Formula Elements in a CSV File
    Assigner
    References
    Impacted products
    Credits
    Ankur Bakre

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-02T23:55:24.229Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "tags": [
                  "x_refsource_MISC",
                  "x_transferred"
                ],
                "url": "https://wpscan.com/vulnerability/53c8190c-baef-4807-970b-f01ab440576a"
              }
            ],
            "title": "CVE Program Container"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "WP-CRM \u2013 Customer Relations Management for WordPress",
              "vendor": "Unknown",
              "versions": [
                {
                  "lessThanOrEqual": "1.2.1",
                  "status": "affected",
                  "version": "1.2.1",
                  "versionType": "custom"
                }
              ]
            }
          ],
          "credits": [
            {
              "lang": "en",
              "value": "Ankur Bakre"
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "value": "The WP-CRM WordPress plugin through 1.2.1 does not validate and sanitise fields when exporting people to a CSV file, leading to a CSV injection vulnerability."
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-1236",
                  "description": "CWE-1236 Improper Neutralization of Formula Elements in a CSV File",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2022-06-13T12:41:41.000Z",
            "orgId": "1bfdd5d7-9bf6-4a53-96ea-42e2716d7a81",
            "shortName": "WPScan"
          },
          "references": [
            {
              "tags": [
                "x_refsource_MISC"
              ],
              "url": "https://wpscan.com/vulnerability/53c8190c-baef-4807-970b-f01ab440576a"
            }
          ],
          "source": {
            "discovery": "EXTERNAL"
          },
          "title": "WP-CRM \u003c= 1.2.1 - CSV Injection",
          "x_generator": "WPScan CVE Generator",
          "x_legacyV4Record": {
            "CVE_data_meta": {
              "ASSIGNER": "contact@wpscan.com",
              "ID": "CVE-2022-1202",
              "STATE": "PUBLIC",
              "TITLE": "WP-CRM \u003c= 1.2.1 - CSV Injection"
            },
            "affects": {
              "vendor": {
                "vendor_data": [
                  {
                    "product": {
                      "product_data": [
                        {
                          "product_name": "WP-CRM \u2013 Customer Relations Management for WordPress",
                          "version": {
                            "version_data": [
                              {
                                "version_affected": "\u003c=",
                                "version_name": "1.2.1",
                                "version_value": "1.2.1"
                              }
                            ]
                          }
                        }
                      ]
                    },
                    "vendor_name": "Unknown"
                  }
                ]
              }
            },
            "credit": [
              {
                "lang": "eng",
                "value": "Ankur Bakre"
              }
            ],
            "data_format": "MITRE",
            "data_type": "CVE",
            "data_version": "4.0",
            "description": {
              "description_data": [
                {
                  "lang": "eng",
                  "value": "The WP-CRM WordPress plugin through 1.2.1 does not validate and sanitise fields when exporting people to a CSV file, leading to a CSV injection vulnerability."
                }
              ]
            },
            "generator": "WPScan CVE Generator",
            "problemtype": {
              "problemtype_data": [
                {
                  "description": [
                    {
                      "lang": "eng",
                      "value": "CWE-1236 Improper Neutralization of Formula Elements in a CSV File"
                    }
                  ]
                }
              ]
            },
            "references": {
              "reference_data": [
                {
                  "name": "https://wpscan.com/vulnerability/53c8190c-baef-4807-970b-f01ab440576a",
                  "refsource": "MISC",
                  "url": "https://wpscan.com/vulnerability/53c8190c-baef-4807-970b-f01ab440576a"
                }
              ]
            },
            "source": {
              "discovery": "EXTERNAL"
            }
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "1bfdd5d7-9bf6-4a53-96ea-42e2716d7a81",
        "assignerShortName": "WPScan",
        "cveId": "CVE-2022-1202",
        "datePublished": "2022-06-13T12:41:41.000Z",
        "dateReserved": "2022-04-01T00:00:00.000Z",
        "dateUpdated": "2024-08-02T23:55:24.229Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2016-11011 (GCVE-0-2016-11011)

    Vulnerability from nvd – Published: 2019-09-20 14:47 – Updated: 2024-08-06 03:47
    VLAI
    Summary
    The wp-invoice plugin before 4.1.1 for WordPress has wpi_update_user_option privilege escalation.
    Severity
    No CVSS data available.
    CWE
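    • n/a (the record assigns no CWE; the summary describes a privilege escalation. The record's structured product and version fields are also "n/a", so the affected range, before 4.1.1, is stated only in the summary text.)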
    Assigner

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-06T03:47:34.109Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "tags": [
                  "x_refsource_MISC",
                  "x_transferred"
                ],
                "url": "https://wpvulndb.com/vulnerabilities/8378"
              },
              {
                "tags": [
                  "x_refsource_MISC",
                  "x_transferred"
                ],
                "url": "https://wordpress.org/plugins/wp-invoice/#developers"
              },
              {
                "tags": [
                  "x_refsource_MISC",
                  "x_transferred"
                ],
                "url": "http://www.pritect.net/blog/wp-invoice-4-1-1-security-vulnerabilities"
              }
            ],
            "title": "CVE Program Container"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "n/a",
              "vendor": "n/a",
              "versions": [
                {
                  "status": "affected",
                  "version": "n/a"
                }
              ]
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "value": "The wp-invoice plugin before 4.1.1 for WordPress has wpi_update_user_option privilege escalation."
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "description": "n/a",
                  "lang": "en",
                  "type": "text"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2019-09-20T14:47:29.000Z",
            "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
            "shortName": "mitre"
          },
          "references": [
            {
              "tags": [
                "x_refsource_MISC"
              ],
              "url": "https://wpvulndb.com/vulnerabilities/8378"
            },
            {
              "tags": [
                "x_refsource_MISC"
              ],
              "url": "https://wordpress.org/plugins/wp-invoice/#developers"
            },
            {
              "tags": [
                "x_refsource_MISC"
              ],
              "url": "http://www.pritect.net/blog/wp-invoice-4-1-1-security-vulnerabilities"
            }
          ],
          "x_legacyV4Record": {
            "CVE_data_meta": {
              "ASSIGNER": "cve@mitre.org",
              "ID": "CVE-2016-11011",
              "STATE": "PUBLIC"
            },
            "affects": {
              "vendor": {
                "vendor_data": [
                  {
                    "product": {
                      "product_data": [
                        {
                          "product_name": "n/a",
                          "version": {
                            "version_data": [
                              {
                                "version_value": "n/a"
                              }
                            ]
                          }
                        }
                      ]
                    },
                    "vendor_name": "n/a"
                  }
                ]
              }
            },
            "data_format": "MITRE",
            "data_type": "CVE",
            "data_version": "4.0",
            "description": {
              "description_data": [
                {
                  "lang": "eng",
                  "value": "The wp-invoice plugin before 4.1.1 for WordPress has wpi_update_user_option privilege escalation."
                }
              ]
            },
            "problemtype": {
              "problemtype_data": [
                {
                  "description": [
                    {
                      "lang": "eng",
                      "value": "n/a"
                    }
                  ]
                }
              ]
            },
            "references": {
              "reference_data": [
                {
                  "name": "https://wpvulndb.com/vulnerabilities/8378",
                  "refsource": "MISC",
                  "url": "https://wpvulndb.com/vulnerabilities/8378"
                },
                {
                  "name": "https://wordpress.org/plugins/wp-invoice/#developers",
                  "refsource": "MISC",
                  "url": "https://wordpress.org/plugins/wp-invoice/#developers"
                },
                {
                  "name": "http://www.pritect.net/blog/wp-invoice-4-1-1-security-vulnerabilities",
                  "refsource": "MISC",
                  "url": "http://www.pritect.net/blog/wp-invoice-4-1-1-security-vulnerabilities"
                }
              ]
            }
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
        "assignerShortName": "mitre",
        "cveId": "CVE-2016-11011",
        "datePublished": "2019-09-20T14:47:29.000Z",
        "dateReserved": "2019-09-20T00:00:00.000Z",
        "dateUpdated": "2024-08-06T03:47:34.109Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2016-11010 (GCVE-0-2016-11010)

    Vulnerability from nvd – Published: 2019-09-20 14:46 – Updated: 2024-08-06 03:47
    Summary
    The wp-invoice plugin before 4.1.1 for WordPress has incorrect access control over wpi_twocheckout payer metadata updates.
    Severity
    No CVSS data available.
    CWE
    • n/a
    Assigner

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-06T03:47:34.409Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "tags": [
                  "x_refsource_MISC",
                  "x_transferred"
                ],
                "url": "https://wpvulndb.com/vulnerabilities/8378"
              },
              {
                "tags": [
                  "x_refsource_MISC",
                  "x_transferred"
                ],
                "url": "https://wordpress.org/plugins/wp-invoice/#developers"
              },
              {
                "tags": [
                  "x_refsource_MISC",
                  "x_transferred"
                ],
                "url": "http://www.pritect.net/blog/wp-invoice-4-1-1-security-vulnerabilities"
              }
            ],
            "title": "CVE Program Container"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "n/a",
              "vendor": "n/a",
              "versions": [
                {
                  "status": "affected",
                  "version": "n/a"
                }
              ]
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "value": "The wp-invoice plugin before 4.1.1 for WordPress has incorrect access control over wpi_twocheckout payer metadata updates."
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "description": "n/a",
                  "lang": "en",
                  "type": "text"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2019-09-20T14:46:10.000Z",
            "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
            "shortName": "mitre"
          },
          "references": [
            {
              "tags": [
                "x_refsource_MISC"
              ],
              "url": "https://wpvulndb.com/vulnerabilities/8378"
            },
            {
              "tags": [
                "x_refsource_MISC"
              ],
              "url": "https://wordpress.org/plugins/wp-invoice/#developers"
            },
            {
              "tags": [
                "x_refsource_MISC"
              ],
              "url": "http://www.pritect.net/blog/wp-invoice-4-1-1-security-vulnerabilities"
            }
          ],
          "x_legacyV4Record": {
            "CVE_data_meta": {
              "ASSIGNER": "cve@mitre.org",
              "ID": "CVE-2016-11010",
              "STATE": "PUBLIC"
            },
            "affects": {
              "vendor": {
                "vendor_data": [
                  {
                    "product": {
                      "product_data": [
                        {
                          "product_name": "n/a",
                          "version": {
                            "version_data": [
                              {
                                "version_value": "n/a"
                              }
                            ]
                          }
                        }
                      ]
                    },
                    "vendor_name": "n/a"
                  }
                ]
              }
            },
            "data_format": "MITRE",
            "data_type": "CVE",
            "data_version": "4.0",
            "description": {
              "description_data": [
                {
                  "lang": "eng",
                  "value": "The wp-invoice plugin before 4.1.1 for WordPress has incorrect access control over wpi_twocheckout payer metadata updates."
                }
              ]
            },
            "problemtype": {
              "problemtype_data": [
                {
                  "description": [
                    {
                      "lang": "eng",
                      "value": "n/a"
                    }
                  ]
                }
              ]
            },
            "references": {
              "reference_data": [
                {
                  "name": "https://wpvulndb.com/vulnerabilities/8378",
                  "refsource": "MISC",
                  "url": "https://wpvulndb.com/vulnerabilities/8378"
                },
                {
                  "name": "https://wordpress.org/plugins/wp-invoice/#developers",
                  "refsource": "MISC",
                  "url": "https://wordpress.org/plugins/wp-invoice/#developers"
                },
                {
                  "name": "http://www.pritect.net/blog/wp-invoice-4-1-1-security-vulnerabilities",
                  "refsource": "MISC",
                  "url": "http://www.pritect.net/blog/wp-invoice-4-1-1-security-vulnerabilities"
                }
              ]
            }
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
        "assignerShortName": "mitre",
        "cveId": "CVE-2016-11010",
        "datePublished": "2019-09-20T14:46:10.000Z",
        "dateReserved": "2019-09-20T00:00:00.000Z",
        "dateUpdated": "2024-08-06T03:47:34.409Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2016-11009 (GCVE-0-2016-11009)

    Vulnerability from nvd – Published: 2019-09-20 14:45 – Updated: 2024-08-06 03:47
    Summary
    The wp-invoice plugin before 4.1.1 for WordPress has incorrect access control over wpi_interkassa payer metadata updates.
    Severity
    No CVSS data available.
    CWE
    • n/a
    Assigner

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-06T03:47:33.979Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "tags": [
                  "x_refsource_MISC",
                  "x_transferred"
                ],
                "url": "https://wpvulndb.com/vulnerabilities/8378"
              },
              {
                "tags": [
                  "x_refsource_MISC",
                  "x_transferred"
                ],
                "url": "https://wordpress.org/plugins/wp-invoice/#developers"
              },
              {
                "tags": [
                  "x_refsource_MISC",
                  "x_transferred"
                ],
                "url": "http://www.pritect.net/blog/wp-invoice-4-1-1-security-vulnerabilities"
              }
            ],
            "title": "CVE Program Container"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "n/a",
              "vendor": "n/a",
              "versions": [
                {
                  "status": "affected",
                  "version": "n/a"
                }
              ]
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "value": "The wp-invoice plugin before 4.1.1 for WordPress has incorrect access control over wpi_interkassa payer metadata updates."
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "description": "n/a",
                  "lang": "en",
                  "type": "text"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2019-09-20T14:45:30.000Z",
            "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
            "shortName": "mitre"
          },
          "references": [
            {
              "tags": [
                "x_refsource_MISC"
              ],
              "url": "https://wpvulndb.com/vulnerabilities/8378"
            },
            {
              "tags": [
                "x_refsource_MISC"
              ],
              "url": "https://wordpress.org/plugins/wp-invoice/#developers"
            },
            {
              "tags": [
                "x_refsource_MISC"
              ],
              "url": "http://www.pritect.net/blog/wp-invoice-4-1-1-security-vulnerabilities"
            }
          ],
          "x_legacyV4Record": {
            "CVE_data_meta": {
              "ASSIGNER": "cve@mitre.org",
              "ID": "CVE-2016-11009",
              "STATE": "PUBLIC"
            },
            "affects": {
              "vendor": {
                "vendor_data": [
                  {
                    "product": {
                      "product_data": [
                        {
                          "product_name": "n/a",
                          "version": {
                            "version_data": [
                              {
                                "version_value": "n/a"
                              }
                            ]
                          }
                        }
                      ]
                    },
                    "vendor_name": "n/a"
                  }
                ]
              }
            },
            "data_format": "MITRE",
            "data_type": "CVE",
            "data_version": "4.0",
            "description": {
              "description_data": [
                {
                  "lang": "eng",
                  "value": "The wp-invoice plugin before 4.1.1 for WordPress has incorrect access control over wpi_interkassa payer metadata updates."
                }
              ]
            },
            "problemtype": {
              "problemtype_data": [
                {
                  "description": [
                    {
                      "lang": "eng",
                      "value": "n/a"
                    }
                  ]
                }
              ]
            },
            "references": {
              "reference_data": [
                {
                  "name": "https://wpvulndb.com/vulnerabilities/8378",
                  "refsource": "MISC",
                  "url": "https://wpvulndb.com/vulnerabilities/8378"
                },
                {
                  "name": "https://wordpress.org/plugins/wp-invoice/#developers",
                  "refsource": "MISC",
                  "url": "https://wordpress.org/plugins/wp-invoice/#developers"
                },
                {
                  "name": "http://www.pritect.net/blog/wp-invoice-4-1-1-security-vulnerabilities",
                  "refsource": "MISC",
                  "url": "http://www.pritect.net/blog/wp-invoice-4-1-1-security-vulnerabilities"
                }
              ]
            }
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
        "assignerShortName": "mitre",
        "cveId": "CVE-2016-11009",
        "datePublished": "2019-09-20T14:45:30.000Z",
        "dateReserved": "2019-09-20T00:00:00.000Z",
        "dateUpdated": "2024-08-06T03:47:33.979Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2016-11008 (GCVE-0-2016-11008)

    Vulnerability from nvd – Published: 2019-09-20 14:44 – Updated: 2024-08-06 03:47
    Summary
    The wp-invoice plugin before 4.1.1 for WordPress has incorrect access control over wpi_paypal payer metadata updates.
    Severity
    No CVSS data available.
    CWE
    • n/a
    Assigner

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-06T03:47:34.071Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "tags": [
                  "x_refsource_MISC",
                  "x_transferred"
                ],
                "url": "https://wpvulndb.com/vulnerabilities/8378"
              },
              {
                "tags": [
                  "x_refsource_MISC",
                  "x_transferred"
                ],
                "url": "https://wordpress.org/plugins/wp-invoice/#developers"
              },
              {
                "tags": [
                  "x_refsource_MISC",
                  "x_transferred"
                ],
                "url": "http://www.pritect.net/blog/wp-invoice-4-1-1-security-vulnerabilities"
              }
            ],
            "title": "CVE Program Container"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "n/a",
              "vendor": "n/a",
              "versions": [
                {
                  "status": "affected",
                  "version": "n/a"
                }
              ]
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "value": "The wp-invoice plugin before 4.1.1 for WordPress has incorrect access control over wpi_paypal payer metadata updates."
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "description": "n/a",
                  "lang": "en",
                  "type": "text"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2019-09-20T14:44:47.000Z",
            "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
            "shortName": "mitre"
          },
          "references": [
            {
              "tags": [
                "x_refsource_MISC"
              ],
              "url": "https://wpvulndb.com/vulnerabilities/8378"
            },
            {
              "tags": [
                "x_refsource_MISC"
              ],
              "url": "https://wordpress.org/plugins/wp-invoice/#developers"
            },
            {
              "tags": [
                "x_refsource_MISC"
              ],
              "url": "http://www.pritect.net/blog/wp-invoice-4-1-1-security-vulnerabilities"
            }
          ],
          "x_legacyV4Record": {
            "CVE_data_meta": {
              "ASSIGNER": "cve@mitre.org",
              "ID": "CVE-2016-11008",
              "STATE": "PUBLIC"
            },
            "affects": {
              "vendor": {
                "vendor_data": [
                  {
                    "product": {
                      "product_data": [
                        {
                          "product_name": "n/a",
                          "version": {
                            "version_data": [
                              {
                                "version_value": "n/a"
                              }
                            ]
                          }
                        }
                      ]
                    },
                    "vendor_name": "n/a"
                  }
                ]
              }
            },
            "data_format": "MITRE",
            "data_type": "CVE",
            "data_version": "4.0",
            "description": {
              "description_data": [
                {
                  "lang": "eng",
                  "value": "The wp-invoice plugin before 4.1.1 for WordPress has incorrect access control over wpi_paypal payer metadata updates."
                }
              ]
            },
            "problemtype": {
              "problemtype_data": [
                {
                  "description": [
                    {
                      "lang": "eng",
                      "value": "n/a"
                    }
                  ]
                }
              ]
            },
            "references": {
              "reference_data": [
                {
                  "name": "https://wpvulndb.com/vulnerabilities/8378",
                  "refsource": "MISC",
                  "url": "https://wpvulndb.com/vulnerabilities/8378"
                },
                {
                  "name": "https://wordpress.org/plugins/wp-invoice/#developers",
                  "refsource": "MISC",
                  "url": "https://wordpress.org/plugins/wp-invoice/#developers"
                },
                {
                  "name": "http://www.pritect.net/blog/wp-invoice-4-1-1-security-vulnerabilities",
                  "refsource": "MISC",
                  "url": "http://www.pritect.net/blog/wp-invoice-4-1-1-security-vulnerabilities"
                }
              ]
            }
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
        "assignerShortName": "mitre",
        "cveId": "CVE-2016-11008",
        "datePublished": "2019-09-20T14:44:47.000Z",
        "dateReserved": "2019-09-20T00:00:00.000Z",
        "dateUpdated": "2024-08-06T03:47:34.071Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2016-11007 (GCVE-0-2016-11007)

    Vulnerability from nvd – Published: 2019-09-20 14:44 – Updated: 2024-08-06 03:47
    Summary
    The wp-invoice plugin before 4.1.1 for WordPress has incorrect access control over wpi_user_id for invoice retrieval.
    Severity
    No CVSS data available.
    CWE
    • n/a
    Assigner

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-06T03:47:34.129Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "tags": [
                  "x_refsource_MISC",
                  "x_transferred"
                ],
                "url": "https://wpvulndb.com/vulnerabilities/8378"
              },
              {
                "tags": [
                  "x_refsource_MISC",
                  "x_transferred"
                ],
                "url": "https://wordpress.org/plugins/wp-invoice/#developers"
              },
              {
                "tags": [
                  "x_refsource_MISC",
                  "x_transferred"
                ],
                "url": "http://www.pritect.net/blog/wp-invoice-4-1-1-security-vulnerabilities"
              }
            ],
            "title": "CVE Program Container"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "n/a",
              "vendor": "n/a",
              "versions": [
                {
                  "status": "affected",
                  "version": "n/a"
                }
              ]
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "value": "The wp-invoice plugin before 4.1.1 for WordPress has incorrect access control over wpi_user_id for invoice retrieval."
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "description": "n/a",
                  "lang": "en",
                  "type": "text"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2019-09-20T14:44:13.000Z",
            "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
            "shortName": "mitre"
          },
          "references": [
            {
              "tags": [
                "x_refsource_MISC"
              ],
              "url": "https://wpvulndb.com/vulnerabilities/8378"
            },
            {
              "tags": [
                "x_refsource_MISC"
              ],
              "url": "https://wordpress.org/plugins/wp-invoice/#developers"
            },
            {
              "tags": [
                "x_refsource_MISC"
              ],
              "url": "http://www.pritect.net/blog/wp-invoice-4-1-1-security-vulnerabilities"
            }
          ],
          "x_legacyV4Record": {
            "CVE_data_meta": {
              "ASSIGNER": "cve@mitre.org",
              "ID": "CVE-2016-11007",
              "STATE": "PUBLIC"
            },
            "affects": {
              "vendor": {
                "vendor_data": [
                  {
                    "product": {
                      "product_data": [
                        {
                          "product_name": "n/a",
                          "version": {
                            "version_data": [
                              {
                                "version_value": "n/a"
                              }
                            ]
                          }
                        }
                      ]
                    },
                    "vendor_name": "n/a"
                  }
                ]
              }
            },
            "data_format": "MITRE",
            "data_type": "CVE",
            "data_version": "4.0",
            "description": {
              "description_data": [
                {
                  "lang": "eng",
                  "value": "The wp-invoice plugin before 4.1.1 for WordPress has incorrect access control over wpi_user_id for invoice retrieval."
                }
              ]
            },
            "problemtype": {
              "problemtype_data": [
                {
                  "description": [
                    {
                      "lang": "eng",
                      "value": "n/a"
                    }
                  ]
                }
              ]
            },
            "references": {
              "reference_data": [
                {
                  "name": "https://wpvulndb.com/vulnerabilities/8378",
                  "refsource": "MISC",
                  "url": "https://wpvulndb.com/vulnerabilities/8378"
                },
                {
                  "name": "https://wordpress.org/plugins/wp-invoice/#developers",
                  "refsource": "MISC",
                  "url": "https://wordpress.org/plugins/wp-invoice/#developers"
                },
                {
                  "name": "http://www.pritect.net/blog/wp-invoice-4-1-1-security-vulnerabilities",
                  "refsource": "MISC",
                  "url": "http://www.pritect.net/blog/wp-invoice-4-1-1-security-vulnerabilities"
                }
              ]
            }
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
        "assignerShortName": "mitre",
        "cveId": "CVE-2016-11007",
        "datePublished": "2019-09-20T14:44:13.000Z",
        "dateReserved": "2019-09-20T00:00:00.000Z",
        "dateUpdated": "2024-08-06T03:47:34.129Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2016-11006 (GCVE-0-2016-11006)

    Vulnerability from nvd – Published: 2019-09-20 14:43 – Updated: 2024-08-06 03:47
    Summary
    The wp-invoice plugin before 4.1.1 for WordPress has incorrect access control for admin_init settings changes.
    Severity
    No CVSS data available.
    CWE
    • n/a
    Assigner

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-06T03:47:33.957Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "tags": [
                  "x_refsource_MISC",
                  "x_transferred"
                ],
                "url": "https://wpvulndb.com/vulnerabilities/8378"
              },
              {
                "tags": [
                  "x_refsource_MISC",
                  "x_transferred"
                ],
                "url": "https://wordpress.org/plugins/wp-invoice/#developers"
              },
              {
                "tags": [
                  "x_refsource_MISC",
                  "x_transferred"
                ],
                "url": "http://www.pritect.net/blog/wp-invoice-4-1-1-security-vulnerabilities"
              }
            ],
            "title": "CVE Program Container"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "n/a",
              "vendor": "n/a",
              "versions": [
                {
                  "status": "affected",
                  "version": "n/a"
                }
              ]
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "value": "The wp-invoice plugin before 4.1.1 for WordPress has incorrect access control for admin_init settings changes."
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "description": "n/a",
                  "lang": "en",
                  "type": "text"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2019-09-20T14:43:10.000Z",
            "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
            "shortName": "mitre"
          },
          "references": [
            {
              "tags": [
                "x_refsource_MISC"
              ],
              "url": "https://wpvulndb.com/vulnerabilities/8378"
            },
            {
              "tags": [
                "x_refsource_MISC"
              ],
              "url": "https://wordpress.org/plugins/wp-invoice/#developers"
            },
            {
              "tags": [
                "x_refsource_MISC"
              ],
              "url": "http://www.pritect.net/blog/wp-invoice-4-1-1-security-vulnerabilities"
            }
          ],
          "x_legacyV4Record": {
            "CVE_data_meta": {
              "ASSIGNER": "cve@mitre.org",
              "ID": "CVE-2016-11006",
              "STATE": "PUBLIC"
            },
            "affects": {
              "vendor": {
                "vendor_data": [
                  {
                    "product": {
                      "product_data": [
                        {
                          "product_name": "n/a",
                          "version": {
                            "version_data": [
                              {
                                "version_value": "n/a"
                              }
                            ]
                          }
                        }
                      ]
                    },
                    "vendor_name": "n/a"
                  }
                ]
              }
            },
            "data_format": "MITRE",
            "data_type": "CVE",
            "data_version": "4.0",
            "description": {
              "description_data": [
                {
                  "lang": "eng",
                  "value": "The wp-invoice plugin before 4.1.1 for WordPress has incorrect access control for admin_init settings changes."
                }
              ]
            },
            "problemtype": {
              "problemtype_data": [
                {
                  "description": [
                    {
                      "lang": "eng",
                      "value": "n/a"
                    }
                  ]
                }
              ]
            },
            "references": {
              "reference_data": [
                {
                  "name": "https://wpvulndb.com/vulnerabilities/8378",
                  "refsource": "MISC",
                  "url": "https://wpvulndb.com/vulnerabilities/8378"
                },
                {
                  "name": "https://wordpress.org/plugins/wp-invoice/#developers",
                  "refsource": "MISC",
                  "url": "https://wordpress.org/plugins/wp-invoice/#developers"
                },
                {
                  "name": "http://www.pritect.net/blog/wp-invoice-4-1-1-security-vulnerabilities",
                  "refsource": "MISC",
                  "url": "http://www.pritect.net/blog/wp-invoice-4-1-1-security-vulnerabilities"
                }
              ]
            }
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
        "assignerShortName": "mitre",
        "cveId": "CVE-2016-11006",
        "datePublished": "2019-09-20T14:43:10.000Z",
        "dateReserved": "2019-09-20T00:00:00.000Z",
        "dateUpdated": "2024-08-06T03:47:33.957Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }