WordPress Plugin Vulnerabilities

WP-Invoice <= 4.1.0 - Multiple Vulnerabilities

Description

WP-Invoice plugin <= 4.1.0 contains multiple security vulnerabilities that include information disclosure, unauthorised updating of meta data, and privilege escalation.

Affects Plugins

Plugin icon
wp-invoice
Fixed in 4.1.1

References

CVE
CVE-2016-11011
CVE
CVE-2016-11010
CVE
CVE-2016-11009
CVE
CVE-2016-11008
CVE
CVE-2016-11007
CVE
CVE-2016-11006
URL
https://www.pritect.net/blog/wp-invoice-4-1-1-security-vulnerabilities

Miscellaneous

Submitter
James Golovich
Submitter website
http://pritect.net
Submitter twitter
Pritect
Verified
No
WPVDB ID
b8da3832-18ba-4c02-bcd4-bd6fdca7e7a5

Timeline

Publicly Published
2016-02-03 (about 10 years ago)
Added
2016-02-04 (about 10 years ago)
Last Updated
2020-09-22 (about 5 years ago)

Other

Published
Title
Published
2014-09-17
Title
Ready! Ecommerce 0.5.0 - CSRF & XSS
Published
2024-01-17
Title
popup-builder < 4.2.6 - Admin+ SSRF & File Read
Published
2015-04-14
Title
MiwoFTP - File & Folder Manager <= 1.0.5 - Multiple Vulnerabilities
Published
2019-09-08
Title
Nexos - Real Estate < 1.6.1 - SQL Injection & Persistent XSS
Published
2015-01-02
Title
WP Limit Posts Automatically <= 0.7 - CSRF & XSS