Sliced Invoices WordPress Plugin Missing Authorization Vulnerability

Vulnerability

A missing authorization vulnerability has been identified in the Sliced Invoices WordPress plugin, affecting versions through 3.9.5. It allows insecure direct object references (IDOR), which could let a malicious actor bypass authorization and access sensitive files or interact with the database.

Impact

Exploitation of this vulnerability could lead to unauthorized access to sensitive data or files, allowing for potential manipulation of database contents.

Remediation

Users of the Sliced Invoices WordPress plugin should update to version 3.9.5 or later. For those unable to update, Patchstack offers a virtual patching service that can auto-mitigate this vulnerability.

Added: Jun 9, 2025, 7:46 PM
Updated: Jun 9, 2025, 7:46 PM

Vulnerability Rating

Custom Algorithm

spread: 5.2
impact: 5.0
exploitability: 6.4
remediation: 0.0
relevance: 0.0
threat: 0.0
urgency: 2.9
incentive: 1.7

Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.