Access Control Flaw in wp-invoice Plugin for WordPress
CVE-2016-11010

5.3MEDIUM

Key Information:

Vendor: Wordpress
Status: WP-invoice
Vendor: CVE Published:; 20 September 2019

What is CVE-2016-11010?

The wp-invoice plugin for WordPress, prior to version 4.1.1, contains an access control flaw that allows unauthorized updates to payer metadata. This vulnerability could result in attackers manipulating payment information or altering sensitive user data, potentially compromising the integrity of financial transactions managed through the plugin.