Local File Inclusion Vulnerability in MatrixAddons Easy Invoice Plugin by MatrixAddons
CVE-2025-66115

6.6MEDIUM

Key Information:

Vendor: WordPress
Status: Easy Invoice
Vendor: CVE Published:; 21 November 2025

What is CVE-2025-66115?

The Easy Invoice plugin by MatrixAddons has a security flaw that allows attackers to exploit improper controls on filenames when including PHP files. This vulnerability can lead to Local File Inclusion, potentially enabling unauthorized access to sensitive files on the server, resulting in further exploitation or data breaches. Website owners using versions from n/a to 2.1.4 should take immediate action to secure their installations.

Human OS v1.0:
Ageing Is an Unpatched Zero-Day Vulnerability.

Remediate biological technical debt. Prime Ageing uses 95% high-purity SIRT6 activation to maintain genomic integrity and bolster systemic resilience.

Deploy the Patch

Affected Version(s)

Easy Invoice <= n/a

References

https://patchstack.com/database/Wordpress/Plugin/easy-inv...

vdb-entry

CVSS V3.1

Score:

6.6

Severity:

MEDIUM

Confidentiality:

Low

Integrity:

Low

Availability:

Low

Attack Vector:

Network

Attack Complexity:

Low

Privileges Required:

High

User Interaction:

None

Scope:

Changed

Timeline

Vulnerability published
Nov 21, 2025
Vulnerability Reserved
Nov 21, 2025

Credit

Tarcísio Luchesi(Poystick) | Patchstack Bug Bounty Program

JSON

WordPress