Skip to main content

Easy Invoice

1 CVEs product

Monthly

CVE-2026-48836 CRITICAL Act Now

Remote code execution in the Easy Invoice WordPress plugin (versions <= 2.1.19) allows unauthenticated attackers to run arbitrary code on the underlying server via a code injection flaw (CWE-94). The maximum CVSS 10.0 score reflects network reachability, no privileges, no user interaction, and a scope change with full confidentiality, integrity, and availability impact on the hosting WordPress site. No public exploit identified at time of analysis, but the trivial exploitability profile makes weaponization likely once technical details are published by Patchstack.

Code Injection RCE Easy Invoice
NVD
CVSS 3.1
10.0
EPSS
0.6%
EPSS 1% CVSS 10.0
CRITICAL Act Now

Remote code execution in the Easy Invoice WordPress plugin (versions <= 2.1.19) allows unauthenticated attackers to run arbitrary code on the underlying server via a code injection flaw (CWE-94). The maximum CVSS 10.0 score reflects network reachability, no privileges, no user interaction, and a scope change with full confidentiality, integrity, and availability impact on the hosting WordPress site. No public exploit identified at time of analysis, but the trivial exploitability profile makes weaponization likely once technical details are published by Patchstack.

Code Injection RCE Easy Invoice
NVD

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy