Easy Invoice
Monthly
Remote code execution in the Easy Invoice WordPress plugin (versions <= 2.1.19) allows unauthenticated attackers to run arbitrary code on the underlying server via a code injection flaw (CWE-94). The maximum CVSS 10.0 score reflects network reachability, no privileges, no user interaction, and a scope change with full confidentiality, integrity, and availability impact on the hosting WordPress site. No public exploit identified at time of analysis, but the trivial exploitability profile makes weaponization likely once technical details are published by Patchstack.
Remote code execution in the Easy Invoice WordPress plugin (versions <= 2.1.19) allows unauthenticated attackers to run arbitrary code on the underlying server via a code injection flaw (CWE-94). The maximum CVSS 10.0 score reflects network reachability, no privileges, no user interaction, and a scope change with full confidentiality, integrity, and availability impact on the hosting WordPress site. No public exploit identified at time of analysis, but the trivial exploitability profile makes weaponization likely once technical details are published by Patchstack.