CVE-2016-11007

MEDIUM

Usabilitydynamics Wp-invoice < 4.1.1 - Exposure to Wrong Actor

Title source: rule

The wp-invoice plugin before 4.1.1 for WordPress has incorrect access control over wpi_user_id for invoice retrieval.

CVSS v3 5.3

EPSS 0.0032

EPSS Percentile 54.7%

Attack Vector NETWORK

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N

CWE

CWE-668

Status published

usabilitydynamics/wp-invoice < 4.1.1

Published Sep 20, 2019

Tracked Since Feb 18, 2026