CVE-2022-1617 — CVSS 6.1 (medium): The WP-Invoice WordPress plugin through 4.3.1 does not have CSRF check in place when updating its settings, and is lacking sanitisation as…
CVE-2016-11008 — CVSS 5.3 (medium): The wp-invoice plugin before 4.1.1 for WordPress has incorrect access control over wpi_paypal payer metadata updates.
CVE-2016-11006 — CVSS 5.3 (medium): The wp-invoice plugin before 4.1.1 for WordPress has incorrect access control for admin_init settings changes.
CVE-2016-11010 — CVSS 5.3 (medium): The wp-invoice plugin before 4.1.1 for WordPress has incorrect access control over wpi_twocheckout payer metadata updates.
CVE-2016-11009 — CVSS 5.3 (medium): The wp-invoice plugin before 4.1.1 for WordPress has incorrect access control over wpi_interkassa payer metadata updates.
CVE-2016-11007 — CVSS 5.3 (medium): The wp-invoice plugin before 4.1.1 for WordPress has incorrect access control over wpi_user_id for invoice retrieval.