CVE-2016-11008

MEDIUM Year: 2016
CVSS v3 Score
5.3
Medium
CVSS v2 Score
5.0
Medium
Weakness Type
CWE-668
View all →

Vulnerability Description

The wp-invoice plugin before 4.1.1 for WordPress has incorrect access control over wpi_paypal payer metadata updates.

Related Vulnerabilities

CVE-2016-11006

MEDIUM
CVSS:5.3(Medium)

The wp-invoice plugin before 4.1.1 for WordPress has incorrect access control for admin_init settings changes.

CWE-6682016

CVE-2016-11007

MEDIUM
CVSS:5.3(Medium)

The wp-invoice plugin before 4.1.1 for WordPress has incorrect access control over wpi_user_id for invoice retrieval.

CWE-6682016

CVE-2016-11009

MEDIUM
CVSS:5.3(Medium)

The wp-invoice plugin before 4.1.1 for WordPress has incorrect access control over wpi_interkassa payer metadata updates.

CWE-6682016

CVE-2016-11010

MEDIUM
CVSS:5.3(Medium)

The wp-invoice plugin before 4.1.1 for WordPress has incorrect access control over wpi_twocheckout payer metadata updates.

CWE-6682016

CVE-2016-5334

MEDIUM
CVSS:5.3(Medium)

VMware Identity Manager 2.x before 2.7.1 and vRealize Automation 7.x before 7.2.0 allow remote attackers to read /SAAS/WEB-INF and /SAAS/META-INF files via unspecified vectors.

CWE-6682016

CVE-2017-0215

MEDIUM
CVSS:5.3(Medium)

Microsoft Windows 10 1607 and Windows Server 2016 allow an attacker to exploit a security feature bypass vulnerability in Device Guard that could allow the attacker to inject malicious code into a Win...

CWE-6682017