Client Invoicing By Sprout Invoices

2 CVEs product

Monthly

Sort: Newest CVSS Score EPSS Score Oldest
CVE-2026-39562 This Week

Missing Authorization vulnerability in BoldGrid Client Invoicing by Sprout Invoices sprout-invoices allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Client Invoicing by Sprout Invoices: from n/a through <= 20.8.10.

WordPress PHP Authentication Bypass Client Invoicing By Sprout Invoices
NVD
EPSS
0.0%
CVE-2026-32401 HIGH This Week

Sprout Invoices Client Invoicing versions 20.8.9 and earlier contain a local file inclusion vulnerability in PHP that allows authenticated attackers with high privileges to read arbitrary files on the affected server. An attacker exploiting this vulnerability could access sensitive configuration files, source code, or other confidential data without requiring user interaction. No patch is currently available for this vulnerability.

Information Disclosure Lfi PHP Client Invoicing By Sprout Invoices
NVD VulDB
CVSS 3.1
7.2
EPSS
0.1%
CVE-2026-39562
EPSS 0%
This Week

Missing Authorization vulnerability in BoldGrid Client Invoicing by Sprout Invoices sprout-invoices allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Client Invoicing by Sprout Invoices: from n/a through <= 20.8.10.

WordPress PHP Authentication Bypass +1
NVD
CVE-2026-32401
EPSS 0% CVSS 7.2
HIGH This Week

Sprout Invoices Client Invoicing versions 20.8.9 and earlier contain a local file inclusion vulnerability in PHP that allows authenticated attackers with high privileges to read arbitrary files on the affected server. An attacker exploiting this vulnerability could access sensitive configuration files, source code, or other confidential data without requiring user interaction. No patch is currently available for this vulnerability.

Information Disclosure Lfi PHP +1
NVD VulDB

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy