MEDIUM
saskaita123
CVE published 2026-07-10
CVE-2026-9857
The Invoice123 plugin for WordPress has an authorization bypass vulnerability in all versions up to and including 1.7.0. The plugin does not properly verify user authorization for certain actions, allowing authenticated attackers with subscriber-level access or higher to modify plugin settings and data. This vulnerability has a CVSS score of 4.3 and is considered medium severity. Users of the Invoice123 p [truncated]