Usabilitydynamics CVE

Filtered by vendor Usabilitydynamics Subscribe

Total 8 CVE

CVE	Vendors	Products	Updated	CVSS v2	CVSS v3
CVE-2022-1617	1 Usabilitydynamics	1 Wp-invoice	2024-11-21	N/A	6.1 MEDIUM
The WP-Invoice WordPress plugin through 4.3.1 does not have CSRF check in place when updating its settings, and is lacking sanitisation as well as escaping in some of them, allowing attacker to make a logged in admin change them and add XSS payload in them
CVE-2022-1202	1 Usabilitydynamics	1 Wp-crm	2024-11-21	6.8 MEDIUM	7.8 HIGH
The WP-CRM WordPress plugin through 1.2.1 does not validate and sanitise fields when exporting people to a CSV file, leading to a CSV injection vulnerability.
CVE-2016-11011	1 Usabilitydynamics	1 Wp-invoice	2024-11-21	4.0 MEDIUM	6.5 MEDIUM
The wp-invoice plugin before 4.1.1 for WordPress has wpi_update_user_option privilege escalation.
CVE-2016-11010	1 Usabilitydynamics	1 Wp-invoice	2024-11-21	5.0 MEDIUM	5.3 MEDIUM
The wp-invoice plugin before 4.1.1 for WordPress has incorrect access control over wpi_twocheckout payer metadata updates.
CVE-2016-11009	1 Usabilitydynamics	1 Wp-invoice	2024-11-21	5.0 MEDIUM	5.3 MEDIUM
The wp-invoice plugin before 4.1.1 for WordPress has incorrect access control over wpi_interkassa payer metadata updates.
CVE-2016-11008	1 Usabilitydynamics	1 Wp-invoice	2024-11-21	5.0 MEDIUM	5.3 MEDIUM
The wp-invoice plugin before 4.1.1 for WordPress has incorrect access control over wpi_paypal payer metadata updates.
CVE-2016-11007	1 Usabilitydynamics	1 Wp-invoice	2024-11-21	5.0 MEDIUM	5.3 MEDIUM
The wp-invoice plugin before 4.1.1 for WordPress has incorrect access control over wpi_user_id for invoice retrieval.
CVE-2016-11006	1 Usabilitydynamics	1 Wp-invoice	2024-11-21	5.0 MEDIUM	5.3 MEDIUM
The wp-invoice plugin before 4.1.1 for WordPress has incorrect access control for admin_init settings changes.

Vulnerabilities (CVE)