Plugin Vulnerability Hub
Plugin | 10 known issues | Latest disclosed Mar 19, 2026

Client Invoicing by Sprout Invoices – Easy Estimates and Invoices for WordPress Vulnerabilities

Review known vulnerability records for the WordPress plugin Client Invoicing by Sprout Invoices – Easy Estimates and Invoices for WordPress (`sprout-invoices`), including severity, CVE references, affected versions, and patch status.

Recent tracked CVEs on this page include CVE-2026-39562, CVE-2026-32401 and CVE-2026-25364, so operators can jump from disclosure to patch validation without scanning the full feed first.

Known Records: 10
High or Critical: 3
Patch Coverage: 100%
Last Updated: Apr 15, 2026

Priority CVE Quick Links

Fast paths into Client Invoicing by Sprout Invoices – Easy Estimates and Invoices for WordPress CVE reports

Start with the highest-signal CVE records for this WordPress plugin before scanning the full vulnerability feed.

Indexed CVEs: 8

CVE-2025-64227 | High | Patched in 20.8.8
CVE-2025-64227 Client Invoicing by Sprout Invoices – Easy Estimates and Invoices for WordPress Vulnerability

Client Invoicing by Sprout Invoices <= 20.8.7 - Unauthenticated PHP Object Injection

CVE-2026-32401 | High | Patched in 20.8.10
CVE-2026-32401 Client Invoicing by Sprout Invoices – Easy Estimates and Invoices for WordPress Local File Inclusion

Client Invoicing by Sprout Invoices <= 20.8.9 - Authenticated (Author+) Local File Inclusion

CVE-2026-39562 | Medium | Patched in 20.8.11
CVE-2026-39562 Client Invoicing by Sprout Invoices – Easy Estimates and Invoices for WordPress Vulnerability

Client Invoicing by Sprout Invoices <= 20.8.10 - Missing Authorization

CVE-2026-25364 | Medium | Patched in 20.8.9
CVE-2026-25364 Client Invoicing by Sprout Invoices – Easy Estimates and Invoices for WordPress Vulnerability

Client Invoicing by Sprout Invoices <= 20.8.8 - Missing Authorization

CVE-2024-53819 | Medium | Patched in 20.8.1
CVE-2024-53819 Client Invoicing by Sprout Invoices – Easy Estimates and Invoices for WordPress Authorization Bypass

Client Invoicing by Sprout Invoices <= 20.8.0 - Insecure Direct Object Reference

CVE-2025-24606 | Medium | Patched in 20.8.2
CVE-2025-24606 Client Invoicing by Sprout Invoices – Easy Estimates and Invoices for WordPress Vulnerability

Client Invoicing by Sprout Invoices – Easy Estimates and Invoices <= 20.8.1 - Missing Authorization

CVE-2021-24787 | Medium | Patched in 19.9.7
CVE-2021-24787 Client Invoicing by Sprout Invoices – Easy Estimates and Invoices for WordPress Stored Cross-Site Scripting

Client Invoicing by Sprout Invoices <= 19.9.6 - Authenticated Stored Cross-Site Scripting

CVE-2025-64229 | Medium | Patched in 20.8.8
CVE-2025-64229 Client Invoicing by Sprout Invoices – Easy Estimates and Invoices for WordPress Vulnerability

Client Invoicing by Sprout Invoices <= 20.8.7 - Missing Authorization

Coverage Snapshot

What this page helps you verify fast

This hub clusters every indexed record for Client Invoicing by Sprout Invoices – Easy Estimates and Invoices for WordPress so operators can confirm whether a disclosed issue maps to the installed slug, version range, and patch path.

Patch Visibility: 10 records include a published patch path, leaving 0 with no listed safe release yet.
Severity Mix: 0 critical and 3 high severity findings.
Recent CVEs: CVE-2026-39562, CVE-2026-32401 and CVE-2026-25364
Reference Workflow: Jump from the hub into the full report when you need remediation notes, exploit context, CVSS vectors, or source references.

Triage First

Open the records most likely to drive action

These recent records surface the CVE strings, patch cues, and direct report links most operators need first.

Known Vulnerabilities

Reports for Client Invoicing by Sprout Invoices – Easy Estimates and Invoices for WordPress

Sorted by latest disclosure date so newly published issues surface first.

Plugin Medium Patched: Yes CVE-2026-39562
CVE-2026-39562: Client Invoicing by Sprout Invoices <= 20.8.10 - Missing Authorization

The Client Invoicing by Sprout Invoices plugin for WordPress is vulnerable to unauthorized access due to a missing capability check on a function in versions up to, and including, 20.8.10. This makes it possible for unauthenticated attackers to perform an unauthorized action.

Published: Mar 19, 2026
Patched Release: 20.8.11
Affected Versions: Versions up to 20.8.10
Next Step: Update to 20.8.11 or newer if supported.

Plugin High Patched: Yes CVE-2026-32401
CVE-2026-32401: Client Invoicing by Sprout Invoices <= 20.8.9 - Authenticated (Author+) Local File Inclusion

The Client Invoicing by Sprout Invoices plugin for WordPress is vulnerable to Local File Inclusion in versions up to, and including, 20.8.9. This makes it possible for authenticated attackers, with author-level access and above, to include and execute arbitrary files on the serve...

Published: Feb 21, 2026
Patched Release: 20.8.10
Affected Versions: Versions up to 20.8.9
Next Step: Update to 20.8.10 or newer if supported.

Plugin Medium Patched: Yes CVE-2026-25364
CVE-2026-25364: Client Invoicing by Sprout Invoices <= 20.8.8 - Missing Authorization

The Client Invoicing by Sprout Invoices plugin for WordPress is vulnerable to unauthorized access due to a missing capability check on a function in versions up to, and including, 20.8.8. This makes it possible for unauthenticated attackers to perform an unauthorized action.

Published: Feb 15, 2026
Patched Release: 20.8.9
Affected Versions: Versions up to 20.8.8
Next Step: Update to 20.8.9 or newer if supported.

Plugin Medium Patched: Yes CVE-2025-64229
CVE-2025-64229: Client Invoicing by Sprout Invoices <= 20.8.7 - Missing Authorization

The Client Invoicing by Sprout Invoices – Easy Estimates and Invoices for WordPress plugin for WordPress is vulnerable to unauthorized access due to a missing capability check on a function in all versions up to, and including, 20.8.7. This makes it possible for authenticated att...

Published: Oct 24, 2025
Patched Release: 20.8.8
Affected Versions: Versions up to 20.8.7
Next Step: Update to 20.8.8 or newer if supported.

Plugin High Patched: Yes CVE-2025-64227
CVE-2025-64227: Client Invoicing by Sprout Invoices <= 20.8.7 - Unauthenticated PHP Object Injection

The Client Invoicing by Sprout Invoices plugin for WordPress is vulnerable to PHP Object Injection in versions up to, and including, 20.8.7 via deserialization of untrusted input. This makes it possible for unauthenticated attackers to inject a PHP Object. No known POP chain is p...

Published: Sep 02, 2025
Patched Release: 20.8.8
Affected Versions: Versions up to 20.8.7
Next Step: Update to 20.8.8 or newer if supported.

Plugin Medium Patched: Yes CVE-2025-24606
CVE-2025-24606: Client Invoicing by Sprout Invoices – Easy Estimates and Invoices <= 20.8.1 - Missing Authorization

The Client Invoicing by Sprout Invoices – Easy Estimates and Invoices for WordPress plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the maybe_change_status() function in all versions up to, and including, 20.8.1. This m...

Published: Dec 22, 2024
Patched Release: 20.8.2
Affected Versions: Versions up to 20.8.1
Next Step: Update to 20.8.2 or newer if supported.

Plugin Medium Patched: Yes CVE-2024-53819
CVE-2024-53819: Client Invoicing by Sprout Invoices <= 20.8.0 - Insecure Direct Object Reference

The Client Invoicing by Sprout Invoices – Easy Estimates and Invoices for WordPress plugin for WordPress is vulnerable to Insecure Direct Object Reference in all versions up to, and including, 20.8.0 due to missing validation on a user controlled key. This makes it possible for u...

Published: Dec 02, 2024
Patched Release: 20.8.1
Affected Versions: Versions up to 20.8.0
Next Step: Update to 20.8.1 or newer if supported.

Plugin Medium Patched: Yes
Sprout Invoices <= 20.5.3 - Sensitive Information Exposure

The Client Invoicing by Sprout Invoices – Easy Estimates and Invoices for WordPress plugin for WordPress is vulnerable to Sensitive Information Exposure in all versions up to 20.5.4 (exclusive) via the system_health_check function. This makes it possible for authenticated attacke...

Published: Nov 13, 2023
Patched Release: 20.5.4
Affected Versions: Versions before 20.5.4
Next Step: Update to 20.5.4 or newer if supported.

Plugin Medium Patched: Yes CVE-2021-24787
CVE-2021-24787: Client Invoicing by Sprout Invoices <= 19.9.6 - Authenticated Stored Cross-Site Scripting

The Client Invoicing by Sprout Invoices plugin for WordPress is vulnerable to Stored Cross-Site Scripting in versions up to, and including, 5.5 due to the plugin not sanitising and escaping some of its settings. This makes it possible for high privilege users to inject arbitrary...

Published: Oct 18, 2021
Patched Release: 19.9.7
Affected Versions: Versions before 19.9.7
Next Step: Update to 19.9.7 or newer if supported.

Plugin High Patched: Yes
Client Invoicing by Sprout Invoices – Easy Estimates and Invoices for WordPress <= 9.3 - Missing Authorization

The Client Invoicing by Sprout Invoices – Easy Estimates and Invoices for WordPress plugin for WordPress is vulnerable to authorization bypass in versions up to, and including, 9.3. This is due to various missing capability & nonce checks on functions called via 'init' hooks. Thi...

Published: Feb 09, 2016
Patched Release: 9.4
Affected Versions: Versions up to 9.3
Next Step: Update to 9.4 or newer if supported.