CVE-2016-11011 - OpenCVE

The wp-invoice plugin before 4.1.1 for WordPress has wpi_update_user_option privilege escalation.

No CVSS v4.0

Attack Vector Network

Attack Complexity Low

Privileges Required Low

Scope Unchanged

Confidentiality Impact None

Integrity Impact High

Availability Impact None

User Interaction None

No CVSS v3.0

Access Vector Network

Access Complexity Low

Authentication Single

Confidentiality Impact None

Integrity Impact Partial

Availability Impact None

AV:N/AC:L/Au:S/C:N/I:P/A:N

This CVE is not in the KEV list.

Key SSVC decision points have not yet been added.

Vendors	Products
Usabilitydynamics	Wp-invoice

Configuration 1 [-]

cpe:2.3:a:usabilitydynamics:wp-invoice:*:*:*:*:*:wordpress:*:*

No data.

References

Link	Providers
http://www.pritect.net/blog/wp-invoice-4-1-1-security-vulnerabilities
https://wordpress.org/plugins/wp-invoice/#developers
https://wpvulndb.com/vulnerabilities/8378

History

No history.

MITRE

Status: PUBLISHED

Assigner: mitre

Published: 2019-09-20T14:47:29

Updated: 2024-08-06T03:47:34.109Z

Reserved: 2019-09-20T00:00:00

Link: CVE-2016-11011

Vulnrichment

No data.

NVD

Status : Analyzed

Published: 2019-09-20T15:15:13.780

Modified: 2019-09-20T18:17:57.843

Link: CVE-2016-11011

Redhat

No data.

{"containers": {"cna": {"affected": [{"product": "n/a", "vendor": "n/a", "versions": [{"status": "affected", "version": "n/a"}]}], "descriptions": [{"lang": "en", "value": "The wp-invoice plugin before 4.1.1 for WordPress has wpi_update_user_option privilege escalation."}], "problemTypes": [{"descriptions": [{"description": "n/a", "lang": "en", "type": "text"}]}], "providerMetadata": {"dateUpdated": "2019-09-20T14:47:29", "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "shortName": "mitre"}, "references": [{"tags": ["x_refsource_MISC"], "url": "https://wpvulndb.com/vulnerabilities/8378"}, {"tags": ["x_refsource_MISC"], "url": "https://wordpress.org/plugins/wp-invoice/#developers"}, {"tags": ["x_refsource_MISC"], "url": "http://www.pritect.net/blog/wp-invoice-4-1-1-security-vulnerabilities"}], "x_legacyV4Record": {"CVE_data_meta": {"ASSIGNER": "cve@mitre.org", "ID": "CVE-2016-11011", "STATE": "PUBLIC"}, "affects": {"vendor": {"vendor_data": [{"product": {"product_data": [{"product_name": "n/a", "version": {"version_data": [{"version_value": "n/a"}]}}]}, "vendor_name": "n/a"}]}}, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": {"description_data": [{"lang": "eng", "value": "The wp-invoice plugin before 4.1.1 for WordPress has wpi_update_user_option privilege escalation."}]}, "problemtype": {"problemtype_data": [{"description": [{"lang": "eng", "value": "n/a"}]}]}, "references": {"reference_data": [{"name": "https://wpvulndb.com/vulnerabilities/8378", "refsource": "MISC", "url": "https://wpvulndb.com/vulnerabilities/8378"}, {"name": "https://wordpress.org/plugins/wp-invoice/#developers", "refsource": "MISC", "url": "https://wordpress.org/plugins/wp-invoice/#developers"}, {"name": "http://www.pritect.net/blog/wp-invoice-4-1-1-security-vulnerabilities", "refsource": "MISC", "url": "http://www.pritect.net/blog/wp-invoice-4-1-1-security-vulnerabilities"}]}}}, "adp": [{"providerMetadata": {"orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE", "dateUpdated": "2024-08-06T03:47:34.109Z"}, "title": "CVE Program Container", "references": [{"tags": ["x_refsource_MISC", "x_transferred"], "url": "https://wpvulndb.com/vulnerabilities/8378"}, {"tags": ["x_refsource_MISC", "x_transferred"], "url": "https://wordpress.org/plugins/wp-invoice/#developers"}, {"tags": ["x_refsource_MISC", "x_transferred"], "url": "http://www.pritect.net/blog/wp-invoice-4-1-1-security-vulnerabilities"}]}]}, "cveMetadata": {"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "assignerShortName": "mitre", "cveId": "CVE-2016-11011", "datePublished": "2019-09-20T14:47:29", "dateReserved": "2019-09-20T00:00:00", "dateUpdated": "2024-08-06T03:47:34.109Z", "state": "PUBLISHED"}, "dataType": "CVE_RECORD", "dataVersion": "5.1"}

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:a:usabilitydynamics:wp-invoice:*:*:*:*:*:wordpress:*:*", "matchCriteriaId": "940971CC-0BCA-4303-9F40-0A2E3231FF5E", "versionEndExcluding": "4.1.1", "vulnerable": true}], "negate": false, "operator": "OR"}]}], "cveTags": [], "descriptions": [{"lang": "en", "value": "The wp-invoice plugin before 4.1.1 for WordPress has wpi_update_user_option privilege escalation."}, {"lang": "es", "value": "El plugin wp-invoice versiones anteriores a 4.1.1 para WordPress, presenta una escalada de privilegios del par\u00e1metro wpi_update_user_option."}], "id": "CVE-2016-11011", "lastModified": "2019-09-20T18:17:57.843", "metrics": {"cvssMetricV2": [{"acInsufInfo": false, "baseSeverity": "MEDIUM", "cvssData": {"accessComplexity": "LOW", "accessVector": "NETWORK", "authentication": "SINGLE", "availabilityImpact": "NONE", "baseScore": 4.0, "confidentialityImpact": "NONE", "integrityImpact": "PARTIAL", "vectorString": "AV:N/AC:L/Au:S/C:N/I:P/A:N", "version": "2.0"}, "exploitabilityScore": 8.0, "impactScore": 2.9, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": false}], "cvssMetricV31": [{"cvssData": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 6.5, "baseSeverity": "MEDIUM", "confidentialityImpact": "NONE", "integrityImpact": "HIGH", "privilegesRequired": "LOW", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:N", "version": "3.1"}, "exploitabilityScore": 2.8, "impactScore": 3.6, "source": "nvd@nist.gov", "type": "Primary"}]}, "published": "2019-09-20T15:15:13.780", "references": [{"source": "cve@mitre.org", "tags": ["Exploit", "Third Party Advisory"], "url": "http://www.pritect.net/blog/wp-invoice-4-1-1-security-vulnerabilities"}, {"source": "cve@mitre.org", "tags": ["Release Notes", "Third Party Advisory"], "url": "https://wordpress.org/plugins/wp-invoice/#developers"}, {"source": "cve@mitre.org", "tags": ["Third Party Advisory"], "url": "https://wpvulndb.com/vulnerabilities/8378"}], "sourceIdentifier": "cve@mitre.org", "vulnStatus": "Analyzed", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-269"}], "source": "nvd@nist.gov", "type": "Primary"}]}