Vulnerabilities > CVE-2016-11007 - Exposure of Resource to Wrong Sphere vulnerability in Usabilitydynamics Wp-Invoice
Attack vector
NETWORK Attack complexity
LOW Privileges required
NONE Confidentiality impact
LOW Integrity impact
NONE Availability impact
NONE Summary
The wp-invoice plugin before 4.1.1 for WordPress has incorrect access control over wpi_user_id for invoice retrieval.
Vulnerable Configurations
Common Weakness Enumeration (CWE)
References
- http://www.pritect.net/blog/wp-invoice-4-1-1-security-vulnerabilities
- http://www.pritect.net/blog/wp-invoice-4-1-1-security-vulnerabilities
- https://wordpress.org/plugins/wp-invoice/#developers
- https://wordpress.org/plugins/wp-invoice/#developers
- https://wpvulndb.com/vulnerabilities/8378
- https://wpvulndb.com/vulnerabilities/8378