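Aggregated CVE and security vulnerability intelligence for all usabilitydynamics products, including CVSS, EPSS, publication dates, and vulnerability intelligence data.
Historical vulnerabilities mainly involve CSRF and cross-site scripting, and affect scenarios related to production workloads and software deployment.
The vulnerability data comes mainly from public vulnerability disclosures and security advisories, and can be used to assess historical vulnerability exposure and remediation priority.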
| CVE | Summary | Source | Max CVSS | EPSS % | Published | Updated |
|---|---|---|---|---|---|---|
| CVE-2022-1617 | The WP-Invoice WordPress plugin through 4.3.1 does not have CSRF check in place when updating its settings, and is lacking sanitisation as well as escaping in some of them, allowing attacker to make a logged in admin change them and add XSS payload in them | [email protected] | 6.1 | 0.27% | 2024-01-16 | 2025-06-11 |
| CVE-2022-1202 | The WP-CRM WordPress plugin through 1.2.1 does not validate and sanitise fields when exporting people to a CSV file, leading to a CSV injection vulnerability. | [email protected] | 7.8 | 0.97% | 2022-06-13 | 2024-11-21 |
| CVE-2016-11011 | The wp-invoice plugin before 4.1.1 for WordPress has wpi_update_user_option privilege escalation. | [email protected] | 6.5 | 1.37% | 2019-09-20 | 2024-11-21 |
| CVE-2016-11010 | The wp-invoice plugin before 4.1.1 for WordPress has incorrect access control over wpi_twocheckout payer metadata updates. | [email protected] | 5.3 | 1.77% | 2019-09-20 | 2024-11-21 |
| CVE-2016-11009 | The wp-invoice plugin before 4.1.1 for WordPress has incorrect access control over wpi_interkassa payer metadata updates. | [email protected] | 5.3 | 1.77% | 2019-09-20 | 2024-11-21 |
| CVE-2016-11008 | The wp-invoice plugin before 4.1.1 for WordPress has incorrect access control over wpi_paypal payer metadata updates. | [email protected] | 5.3 | 1.77% | 2019-09-20 | 2024-11-21 |
| CVE-2016-11007 | The wp-invoice plugin before 4.1.1 for WordPress has incorrect access control over wpi_user_id for invoice retrieval. | [email protected] | 5.3 | 1.97% | 2019-09-20 | 2024-11-21 |
| CVE-2016-11006 | The wp-invoice plugin before 4.1.1 for WordPress has incorrect access control for admin_init settings changes. | [email protected] | 5.3 | 1.77% | 2019-09-20 | 2024-11-21 |