Vulnerabilities > Usabilitydynamics

DATE CVE VULNERABILITY TITLE RISK
2024-01-16 CVE-2022-1617 Cross-Site Request Forgery (CSRF) vulnerability in Usabilitydynamics Wp-Invoice
The WP-Invoice WordPress plugin through 4.3.1 does not have a CSRF check in place when updating its settings, and lacks sanitisation as well as escaping in some of them, allowing an attacker to make a logged-in admin change them and add an XSS payload to them.
network
low complexity
usabilitydynamics CWE-352
6.1
2022-06-13 CVE-2022-1202 Improper Neutralization of Formula Elements in a CSV File vulnerability in Usabilitydynamics Wp-Crm 1.2.1
The WP-CRM WordPress plugin through 1.2.1 does not validate and sanitise fields when exporting people to a CSV file, leading to a CSV injection vulnerability.
local
low complexity
usabilitydynamics CWE-1236
7.8
2019-09-20 CVE-2016-11011 Improper Privilege Management vulnerability in Usabilitydynamics Wp-Invoice
The wp-invoice plugin before 4.1.1 for WordPress has wpi_update_user_option privilege escalation.
network
low complexity
usabilitydynamics CWE-269
6.5
2019-09-20 CVE-2016-11010 Exposure of Resource to Wrong Sphere vulnerability in Usabilitydynamics Wp-Invoice
The wp-invoice plugin before 4.1.1 for WordPress has incorrect access control over wpi_twocheckout payer metadata updates.
network
low complexity
usabilitydynamics CWE-668
5.3
2019-09-20 CVE-2016-11009 Exposure of Resource to Wrong Sphere vulnerability in Usabilitydynamics Wp-Invoice
The wp-invoice plugin before 4.1.1 for WordPress has incorrect access control over wpi_interkassa payer metadata updates.
network
low complexity
usabilitydynamics CWE-668
5.3
2019-09-20 CVE-2016-11008 Exposure of Resource to Wrong Sphere vulnerability in Usabilitydynamics Wp-Invoice
The wp-invoice plugin before 4.1.1 for WordPress has incorrect access control over wpi_paypal payer metadata updates.
network
low complexity
usabilitydynamics CWE-668
5.3
2019-09-20 CVE-2016-11007 Exposure of Resource to Wrong Sphere vulnerability in Usabilitydynamics Wp-Invoice
The wp-invoice plugin before 4.1.1 for WordPress has incorrect access control over wpi_user_id for invoice retrieval.
network
low complexity
usabilitydynamics CWE-668
5.3
2019-09-20 CVE-2016-11006 Exposure of Resource to Wrong Sphere vulnerability in Usabilitydynamics Wp-Invoice
The wp-invoice plugin before 4.1.1 for WordPress has incorrect access control for admin_init settings changes.
network
low complexity
usabilitydynamics CWE-668
5.3