PatchSiren

saskaita123 CVE debriefs

These pages are published after PatchSiren validates generated defensive summaries against stored public CVE and source evidence.

MEDIUM saskaita123 CVE published 2026-07-10

CVE-2026-9857

The Invoice123 plugin for WordPress has an authorization bypass vulnerability in all versions up to and including 1.7.0. The plugin does not properly verify user authorization for certain actions, allowing authenticated attackers with subscriber-level access or higher to modify plugin settings and data. This vulnerability has a CVSS score of 4.3 and is considered medium severity. Users of the Invoice123 p [truncated]