Which WP-Invoice – Web Invoice and Billing CVEs are tracked?

WP-Invoice – Web Invoice and Billing tracked CVEs include CVE-2022-1617, CVE-2016-11011, CVE-2016-11006, CVE-2016-11010, and CVE-2016-11007.

How many WP-Invoice – Web Invoice and Billing vulnerabilities have patch guidance?

7 of 7 tracked WP-Invoice – Web Invoice and Billing records include a published patch path.

Where should operators start on this Plugin hub?

Start with the priority CVE quick links, then open the full report for affected versions, remediation notes, CVSS vectors, and source references.

Plugin Vulnerability Hub

Plugin 7 known issues Latest disclosed Apr 27, 2022

WP-Invoice – Web Invoice and Billing Vulnerabilities

Review known vulnerability records for the WordPress plugin WP-Invoice – Web Invoice and Billing (`wp-invoice`), including severity, CVE references, affected versions, and patch status.

Recent tracked CVEs on this page include CVE-2022-1617, CVE-2016-11010 and CVE-2016-11011, so operators can jump from disclosure to patch validation without scanning the full feed first.

View on WordPress.org Back to Feed

Known Records

High or Critical

Patch Coverage

100%

Last Updated

Aug 06, 2024

Priority CVE Quick Links

Fast paths into WP-Invoice – Web Invoice and Billing CVE reports

Start with the highest-signal CVE records for this WordPress plugin before scanning the full vulnerability feed.

Indexed CVEs

CVE-2022-1617 High 4.3.2

CVE-2022-1617 WP-Invoice – Web Invoice and Billing Stored Cross-Site Scripting

WP-Invoice – Web Invoice and Billing <= 4.3.1 - Cross-Site Request Forgery to Stored Cross-Site Scripting

CVE-2016-11011 High 4.1.1

CVE-2016-11011 WP-Invoice – Web Invoice and Billing Privilege Escalation

WP-Invoice – Web Invoice and Billing <= 4.1.0 - Privilege Escalation

CVE-2016-11006 Medium 4.1.1

CVE-2016-11006 WP-Invoice – Web Invoice and Billing Vulnerability

WP-Invoice – Web Invoice and Billing <= 4.1.0 - Unauthorized Settings Change

CVE-2016-11010 Medium 4.1.1

CVE-2016-11010 WP-Invoice – Web Invoice and Billing Authorization Bypass

WP-Invoice – Web Invoice and Billing <= 4.1.0 - Missing Authorization

CVE-2016-11007 Medium 4.1.1

CVE-2016-11007 WP-Invoice – Web Invoice and Billing Authorization Bypass

WP-Invoice – Web Invoice and Billing <= 4.1.0 - Insecure Direct Object Reference

CVE-2016-11009 Medium 4.1.1

CVE-2016-11009 WP-Invoice – Web Invoice and Billing Authorization Bypass

WP-Invoice – Web Invoice and Billing <= 4.1.0 - Missing Authorization

CVE-2016-11008 Medium 4.1.1

CVE-2016-11008 WP-Invoice – Web Invoice and Billing Authorization Bypass

WP-Invoice – Web Invoice and Billing <= 4.1.0 - Missing Authorization

Coverage Snapshot

What this page helps you verify fast

This hub clusters every indexed record for WP-Invoice – Web Invoice and Billing so operators can confirm whether a disclosed issue maps to the installed slug, version range, and patch path.

Patch Visibility

7 records include a published patch path, leaving 0 with no listed safe release yet.

Severity Mix

0 critical and 2 high severity findings.

Recent CVEs

CVE-2022-1617, CVE-2016-11010 and CVE-2016-11011

Reference Workflow

Jump from the hub into the full report when you need remediation notes, exploit context, CVSS vectors, or source references.

Triage First

Open the records most likely to drive action

These recent records surface the CVE strings, patch cues, and direct report links most operators need first.

CVE-2022-1617 High Patch path listed

CVE-2022-1617: WP-Invoice – Web Invoice and Billing <= 4.3.1 - Cross-Site Request Forgery to Stored Cross-Site Scripting

The WP-Invoice – Web Invoice and Billing plugin for WordPress is vulnerable to Cross-Site Request Forgery in versions up to, and including, 4.3.1. This is due to missing nonce validation on...

Published

Apr 27, 2022

Patch Status

4.3.2

Open CVE-2022-1617 Report

CVE-2016-11010 Medium Patch path listed

CVE-2016-11010: WP-Invoice – Web Invoice and Billing <= 4.1.0 - Missing Authorization

The WP-Invoice – Web Invoice and Billing plugin for WordPress is vulnerable to authorization bypass due to a missing capability check on the wpi_gateway_base::process_payment() function when...

Published

Feb 03, 2016

Patch Status

4.1.1

Open CVE-2016-11010 Report

CVE-2016-11011 High Patch path listed

CVE-2016-11011: WP-Invoice – Web Invoice and Billing <= 4.1.0 - Privilege Escalation

The wp-invoice plugin before 4.1.1 for WordPress has wpi_update_user_option privilege escalation.

Published

Feb 03, 2016

Patch Status

4.1.1

Open CVE-2016-11011 Report

Known Vulnerabilities

Reports for WP-Invoice – Web Invoice and Billing

Sorted by latest disclosure date so newly published issues surface first.

Plugin High Patched: Yes CVE-2022-1617

CVE-2022-1617: WP-Invoice – Web Invoice and Billing <= 4.3.1 - Cross-Site Request Forgery to Stored Cross-Site Scripting

The WP-Invoice – Web Invoice and Billing plugin for WordPress is vulnerable to Cross-Site Request Forgery in versions up to, and including, 4.3.1. This is due to missing nonce validation on the save settings function. This makes it possible for unauthenticated attackers to modify...

Published

Apr 27, 2022

Patched Release

4.3.2

Affected Versions

Versions up to 4.3.1

Next Step

Update to 4.3.2 or newer if supported.

Open CVE-2022-1617 Report Open CVE Reference

Plugin Medium Patched: Yes CVE-2016-11010

CVE-2016-11010: WP-Invoice – Web Invoice and Billing <= 4.1.0 - Missing Authorization

The WP-Invoice – Web Invoice and Billing plugin for WordPress is vulnerable to authorization bypass due to a missing capability check on the wpi_gateway_base::process_payment() function when using the wpi_twocheckout payment gateway handler in versions up to, and including, 4.1.0...

Published

Feb 03, 2016

Patched Release

4.1.1

Affected Versions

Versions up to 4.1.0

Next Step

Update to 4.1.1 or newer if supported.

Open CVE-2016-11010 Report Open CVE Reference

Plugin High Patched: Yes CVE-2016-11011

CVE-2016-11011: WP-Invoice – Web Invoice and Billing <= 4.1.0 - Privilege Escalation

The wp-invoice plugin before 4.1.1 for WordPress has wpi_update_user_option privilege escalation.

Published

Feb 03, 2016

Patched Release

4.1.1

Affected Versions

Versions before 4.1.1

Next Step

Update to 4.1.1 or newer if supported.

Open CVE-2016-11011 Report Open CVE Reference

Plugin Medium Patched: Yes CVE-2016-11007

CVE-2016-11007: WP-Invoice – Web Invoice and Billing <= 4.1.0 - Insecure Direct Object Reference

The wp-invoice plugin before 4.1.1 for WordPress has incorrect access control over wpi_user_id for invoice retrieval.

Published

Feb 03, 2016

Patched Release

4.1.1

Affected Versions

Versions up to 4.1.0

Next Step

Update to 4.1.1 or newer if supported.

Open CVE-2016-11007 Report Open CVE Reference

Plugin Medium Patched: Yes CVE-2016-11009

CVE-2016-11009: WP-Invoice – Web Invoice and Billing <= 4.1.0 - Missing Authorization

The WP-Invoice – Web Invoice and Billing plugin for WordPress is vulnerable to authorization bypass due to a missing capability check on the wpi_gateway_base::process_payment() function when using the wpi_interkassa payment gateway handler in versions up to, and including, 4.1.0....

Published

Feb 03, 2016

Patched Release

4.1.1

Affected Versions

Versions before 4.1.1

Next Step

Update to 4.1.1 or newer if supported.

Open CVE-2016-11009 Report Open CVE Reference

Plugin Medium Patched: Yes CVE-2016-11008

CVE-2016-11008: WP-Invoice – Web Invoice and Billing <= 4.1.0 - Missing Authorization

The WP-Invoice – Web Invoice and Billing plugin for WordPress is vulnerable to authorization bypass due to a missing capability check on the wpi_gateway_base::process_payment() function when using the wpi_paypal payment gateway handler in versions up to, and including, 4.1.0. Thi...

Published

Feb 03, 2016

Patched Release

4.1.1

Affected Versions

Versions before 4.1.1

Next Step

Update to 4.1.1 or newer if supported.

Open CVE-2016-11008 Report Open CVE Reference

Plugin Medium Patched: Yes CVE-2016-11006

CVE-2016-11006: WP-Invoice – Web Invoice and Billing <= 4.1.0 - Unauthorized Settings Change

The wp-invoice plugin before 4.1.1 for WordPress has incorrect access control for admin_init settings changes.

Published

Feb 03, 2016

Patched Release

4.1.1

Affected Versions

Versions up to 4.1.0

Next Step

Update to 4.1.1 or newer if supported.

Open CVE-2016-11006 Report Open CVE Reference