CVE-2016-11007

5.3MEDIUM

Key Information:

Vendor: Wordpress
Status: WP-invoice
Vendor: CVE Published:; 20 September 2019

Summary

The wp-invoice plugin before 4.1.1 for WordPress has incorrect access control over wpi_user_id for invoice retrieval.

References

https://wpvulndb.com/vulnerabilities/8378

x_refsource_MISC

https://wordpress.org/plugins/wp-invoice/#developers

x_refsource_MISC

http://www.pritect.net/blog/wp-invoice-4-1-1-security-vul...

x_refsource_MISC

CVSS V3.1

Score:

5.3

Severity:

MEDIUM

Confidentiality:

Low

Integrity:

None

Availability:

Low

Attack Vector:

Network

Attack Complexity:

Low

Privileges Required:

None

User Interaction:

None

Scope:

Unchanged

Timeline

Vulnerability published
Sep 20, 2019
Vulnerability Reserved
Sep 20, 2019

.