ThreatPress

WordPress Vulnerabilities Database

Back

WordPress WP Invoice Plugin <= 4.1.0 - Multiple Vulnerabilities

Product
WP Invoice
Description
This plugin is prone to unauthorized setting changes, retrieving invoices of arbitrary users, updating previously invoiced users meta data and privilege escalation of logged in users.
Solution
Update the plugin.
Classification
Type Multi
References
Pritect
CVE
Name CVE-N/A
Versions
Affected In <= 4.1.0
Fixed In 4.1.1
Disclosure date
2016-02-03
Credits
James Golovich