CVE-2019-25746
Published
CVSS v3: 7.1 (HIGH)
CVSS v2: N/A
Affected: 1 project
Description
Sliced Invoices 3.8.2 for WordPress contains an authenticated SQL injection vulnerability. The 'post' parameter of the admin.php endpoint, when the request carries action=duplicate_quote_invoice, is used in a database query without proper sanitization, so a logged-in attacker who sends a request with a crafted 'post' value can alter the query to extract sensitive database information or modify data.
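The pattern behind this class of bug and a hardened handler, as an added illustration that is not the plugin's own code. WordPress runs the `admin_action_{action}` hook for requests to admin.php?action=..., so the handler below is attached to `admin_action_duplicate_quote_invoice`; the function names, the capability checked (`edit_posts` / `edit_post`) and the nonce action string `sliced_duplicate_quote_invoice` are assumptions made for the example, not values taken from the plugin.

```php
<?php
// Added illustration of the advisory's bug class; not Sliced Invoices code.
// Function names, capabilities and the nonce action are assumed for the example.

// VULNERABLE PATTERN: the request's 'post' value is concatenated straight into
// the SQL string, so a value like  1 OR 1=1  rewrites the WHERE clause.
function sliced_duplicate_vulnerable() {
    global $wpdb;
    $post = $_REQUEST['post'];
    $row  = $wpdb->get_row( "SELECT * FROM {$wpdb->posts} WHERE ID = " . $post );
    // ... clone $row into a new quote/invoice ...
}

// HARDENED: authorize the caller, verify the nonce, coerce the ID to an
// integer and bind it with $wpdb->prepare() so it can never alter the query.
function sliced_duplicate_hardened() {
    global $wpdb;

    // Only users who may edit content reach this action at all.
    if ( ! current_user_can( 'edit_posts' ) ) {
        wp_die( 'Insufficient permissions.', '', array( 'response' => 403 ) );
    }

    // Reject cross-site requests; the nonce action name is an assumption.
    check_admin_referer( 'sliced_duplicate_quote_invoice' );

    // absint() yields a non-negative integer; anything non-numeric becomes 0.
    $post_id = isset( $_REQUEST['post'] ) ? absint( $_REQUEST['post'] ) : 0;
    if ( 0 === $post_id ) {
        wp_die( 'Invalid post ID.', '', array( 'response' => 400 ) );
    }

    // Object-level check: the caller must be allowed to edit this specific post.
    if ( ! current_user_can( 'edit_post', $post_id ) ) {
        wp_die( 'Insufficient permissions.', '', array( 'response' => 403 ) );
    }

    // %d placeholder: the value is bound as an integer, not spliced as text.
    $row = $wpdb->get_row(
        $wpdb->prepare( "SELECT * FROM {$wpdb->posts} WHERE ID = %d", $post_id )
    );
    if ( null === $row ) {
        wp_die( 'Post not found.', '', array( 'response' => 404 ) );
    }
    // ... clone $row into a new quote/invoice ...
}

// admin.php?action=duplicate_quote_invoice dispatches to this hook.
add_action( 'admin_action_duplicate_quote_invoice', 'sliced_duplicate_hardened' );
```

The two fixes are independent: `$wpdb->prepare()` closes the injection even if the integer coercion were dropped, and the capability and nonce checks limit who can reach the query at all. Neither replaces updating the plugin to a release later than 3.8.2 that the vendor lists as fixed.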
<h4>A flexible, well-supported, and easy-to-use WordPress invoicing plugin to create professional quotes and invoices that clients can pay for online.</h4>
<p>Sliced Invoices is an invoicing system that is easy to use but at the same time comes packed with features to help make your quoting and invoicing a breeze.</p>
<h4>Sliced Invoices – General Features</h4>
<ul>
<li>Send Quotes and Invoices and get paid online</li>
<li>Many customization options</li>
<li>Lots of filters, actions and template tags</li>
<li>Pre-defined line items</li>
<li>Auto increment of Invoice & Quote numbers</li>
<li>Set custom Invoice & Quote prefixes and/or suffixes</li>
<li>Flexible tax settings (global, per Invoice/Quote or per line item)</li>
<li>Customizable email templates including subject and content</li>
<li>Custom email from name and email address</li>
<li>Bcc yourself into all client emails</li>
<li>Send clients emails at the click of a button</li>
<li>Send clients automatic payment reminder emails</li>
<li>Clone existing Quotes & Invoices</li>
<li>3 customizable Invoice & Quote templates</li>
<li>Customize templates using CSS</li>
<li>Add your logo and business details to Invoices & Quotes</li>
<li>Bulk CSV import of Quotes & Invoices</li>
<li>Support for WordPress Multisite (network activated)</li>
</ul>
<h4>Invoices – Key Features</h4>
<ul>
<li>Online Invoice payments with PayPal Express Checkout (or paid Stripe extension)</li>
<li>Offline payment methods (Bank, check, money order or anything else)</li>
<li>Name Invoices whatever you like (such as Bills, Tax Invoice or anything else)</li>
<li>Set default due date (x number of days from Invoice date)</li>
<li>Set custom Terms & Conditions for Invoices</li>
<li>Invoice reporting</li>
<li>Export Invoices to CSV</li>
<li>Invoice in any currency</li>
</ul>
<h4>Quotes – Key Features</h4>
<ul>
<li>Commenting system for Quotes</li>
<li>Clients can accept or decline Quotes</li>
<li>Convert Quotes to Invoices with one click</li>
<li>Name Quotes whatever you like (such as Estimate or anything else)</li>
<li>Set custom Terms & Conditions for Quotes</li>
<li>Quote reporting</li>
<li>Export Quotes to CSV</li>
<li>Quote in any currency</li>
</ul>
<p>Sliced Invoices is a feature-packed and flexible invoicing system for WordPress, check out how easy it is to add an invoice in this <strong>very quick 45 second video</strong>.</p>
<p><a href="https://www.youtube.com/embed/9V6VRidkZFk" rel="nofollow">Watch the 45 second video on YouTube</a></p>
<h4>Sliced Invoices – Free & Paid Extensions</h4>
<ul>
<li><a href="https://slicedinvoices.com/extensions/pdf-email/?utm_source=WordPress&utm_medium=Readme&utm_content=PDF-Email&utm_campaign=Free" rel="nofollow ugc">PDF quotes & PDF invoices</a> extension</li>
<li><a href="https://slicedinvoices.com/extensions/client-area/?utm_source=WordPress&utm_medium=Readme&utm_content=Client-Area&utm_campaign=Free" rel="nofollow ugc">Client Area</a> extension</li>
<li><a href="https://wordpress.org/plugins/sliced-invoices-contact-form-7/" rel="ugc">Contact Form 7</a> extension (free)</li>
<li><a href="https://wordpress.org/plugins/sliced-invoices-formidable-forms/" rel="ugc">Formidable Forms</a> extension (free)</li>
<li><a href="https://wordpress.org/plugins/sliced-invoices-gravity-forms/" rel="ugc">Gravity Forms</a> extension (free)</li>
<li><a href="https://slicedinvoices.com/extensions/authorize-net-payment-gateway/?utm_source=WordPress&utm_medium=Readme&utm_content=authorize_net&utm_campaign=Free" rel="nofollow ugc">Authorize.Net Gateway</a></li>
<li><a href="https://slicedinvoices.com/extensions/braintree-payment-gateway/?utm_source=WordPress&utm_medium=Readme&utm_content=Braintree&utm_campaign=Free" rel="nofollow ugc">Braintree Gateway</a></li>
<li><a href="https://slicedinvoices.com/extensions/stripe-payment-gateway/?utm_source=WordPress&utm_medium=Readme&utm_content=Stripe&utm_campaign=Free" rel="nofollow ugc">Stripe Gateway</a></li>
<li><a href="https://slicedinvoices.com/extensions/additional-tax/?utm_source=WordPress&utm_medium=Readme&utm_content=Additional-Tax&utm_campaign=Free" rel="nofollow ugc">Additional Tax</a> extension (free)</li>
<li><a href="https://slicedinvoices.com/extensions/better-urls/?utm_source=WordPress&utm_medium=Readme&utm_content=Better-URLs&utm_campaign=Free" rel="nofollow ugc">Better URL’s</a> extension (free)</li>
<li><a href="https://slicedinvoices.com/extensions/deposit-invoices/?utm_source=WordPress&utm_medium=Readme&utm_content=Deposit-Invoices&utm_campaign=Free" rel="nofollow ugc">Deposit Invoices</a> extension</li>
<li><a href="https://slicedinvoices.com/extensions/partial-payments/?utm_source=WordPress&utm_medium=Readme&utm_content=partial_payments&utm_campaign=Free" rel="nofollow ugc">Partial Payments</a> extension</li>
<li><a href="https://slicedinvoices.com/extensions/recurring-invoices/?utm_source=WordPress&utm_medium=Readme&utm_content=Recurring-Invoices&utm_campaign=Free" rel="nofollow ugc">Recurring Invoices</a> extension</li>
<li>Plus many more available <a href="https://slicedinvoices.com/extensions/?utm_source=WordPress&utm_medium=Readme&utm_content=Extensions&utm_campaign=Free" rel="nofollow ugc">here</a></li>
</ul>
<p>Our support is fantastic (check out the <a href="https://wordpress.org/support/plugin/sliced-invoices/reviews/" rel="ugc">reviews</a>) and if you need a feature that you can’t see, just ask and we will see if we can add it for a future release.</p>
<blockquote>
<p><strong>Visit our website to find out more</strong></p>
<p><a href="https://slicedinvoices.com/plugin-features/?utm_source=WordPress&utm_medium=Readme&utm_content=Features&utm_campaign=Free" rel="nofollow ugc">Features</a> | <a href="https://slicedinvoices.com/support/getting-started/?utm_source=WordPress&utm_medium=Readme-FAQ&utm_content=Support&utm_campaign=Free" rel="nofollow ugc">Getting Started</a> | <a href="https://slicedinvoices.com/extensions/?utm_source=WordPress&utm_medium=Readme&utm_content=Extensions&utm_campaign=Free" rel="nofollow ugc">Extensions</a> | <a href="https://slicedinvoices.com/bundles/?utm_source=WordPress&utm_medium=Readme&utm_content=Bundles&utm_campaign=Free" rel="nofollow ugc">Bundles</a> | <a href="https://wordpress.org/plugins/sliced-invoices/faq/" rel="ugc">FAQ</a></p>
</blockquote>