Local File Inclusion Vulnerability in MatrixAddons Easy Invoice Plugin by MatrixAddons
CVE-2025-66115

Currently unrated

Key Information:

Vendor: WordPress
Status: Easy Invoice
Vendor: CVE Published:; 21 November 2025

What is CVE-2025-66115?

The Easy Invoice plugin by MatrixAddons has a security flaw that allows attackers to exploit improper controls on filenames when including PHP files. This vulnerability can lead to Local File Inclusion, potentially enabling unauthorized access to sensitive files on the server, resulting in further exploitation or data breaches. Website owners using versions from n/a to 2.1.4 should take immediate action to secure their installations.