CVE-2019-25746

CVE Database · CVE-2019-25746

CVE-2019-25746

· HIGHReceived

CVSS v3.1

7.1

CVSS v4.0

7.1

EPSS

0.23%

Published

Jun 15, 2026

Modified

Jun 15, 2026

Public PoC / Exploit

All weaponized →

No public PoC or exploit code indexed for this CVE.

Links to public security research (Exploit-DB, Nuclei, Trickest, GitHub) for defensive use only.

Description

WordPress Sliced Invoices 3.8.2 contains an authenticated SQL injection vulnerability that allows authenticated attackers to manipulate database queries by injecting SQL code through the 'post' parameter. Attackers can send requests to the admin.php endpoint with action=duplicate_quote_invoice and malicious 'post' values to extract sensitive database information or modify data.

CVSS Vector

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:L/A:N

Weaknesses (CWE)

CWE-89

References (4)

https://slicedinvoices.com/

https://wordpress.org/plugins/sliced-invoices/

https://www.exploit-db.com/exploits/47540

https://www.vulncheck.com/advisories/wordpress-sliced-invoices-sql-injection-via-post-parameter

KEV Catalog EPSS Scores Vendors All CVEs