Skip to main content

Sliced Invoices

3 CVEs product

Monthly

CVE-2019-25746 HIGH POC This Week

WordPress Sliced Invoices 3.8.2 contains an authenticated SQL injection vulnerability that allows authenticated attackers to manipulate database queries by injecting SQL code through the 'post'. Rated high severity (CVSS 7.1), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

PHP WordPress SQLi Sliced Invoices
NVD Exploit-DB
CVSS 4.0
7.1
EPSS
0.2%
CVE-2024-30517 HIGH This Week

Missing Authorization vulnerability in Sliced Invoices.9.2. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Authentication Bypass Sliced Invoices
NVD
CVSS 3.1
8.8
EPSS
0.3%
CVE-2020-20625 HIGH POC This Week

Sliced Invoices plugin for WordPress 3.8.2 and earlier allows unauthenticated information disclosure and authenticated SQL injection via core/class-sliced.php. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Information Disclosure WordPress SQLi PHP Sliced Invoices
NVD
CVSS 3.1
7.5
EPSS
1.7%
EPSS 0% CVSS 7.1
HIGH POC This Week

WordPress Sliced Invoices 3.8.2 contains an authenticated SQL injection vulnerability that allows authenticated attackers to manipulate database queries by injecting SQL code through the 'post'. Rated high severity (CVSS 7.1), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

PHP WordPress SQLi +1
NVD Exploit-DB
EPSS 0% CVSS 8.8
HIGH This Week

Missing Authorization vulnerability in Sliced Invoices.9.2. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Authentication Bypass Sliced Invoices
NVD
EPSS 2% CVSS 7.5
HIGH POC This Week

Sliced Invoices plugin for WordPress 3.8.2 and earlier allows unauthenticated information disclosure and authenticated SQL injection via core/class-sliced.php. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Information Disclosure WordPress SQLi +2
NVD

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy