WordPress WP Invoice Plugin <= 4.1.0 - Multiple Vulnerabilities
- Product
- WP Invoice
- Description
- This plugin is prone to unauthorized setting changes, retrieving invoices of arbitrary users, updating previously invoiced users meta data and privilege escalation of logged in users.
- Solution
- Update the plugin.
- Classification
-
Type Multi
- References
-
Pritect
- CVE
- Name CVE-N/A
- Versions
-
Affected In
<= 4.1.0
Fixed In 4.1.1 - Disclosure date
- 2016-02-03
- Credits
- James Golovich