WordPress WP Invoice Plugin <= 4.1.0 - Multiple Vulnerabilities

Back

Product: WP Invoice
Description: This plugin is prone to unauthorized setting changes, retrieving invoices of arbitrary users, updating previously invoiced users meta data and privilege escalation of logged in users.
Solution: Update the plugin.
Classification: Type Multi
References: Pritect
CVE: Name CVE-N/A
Versions: Affected In <= 4.1.0
Fixed In 4.1.1
Disclosure date: 2016-02-03
Credits: James Golovich

ThreatPress