CVE-2019-25746

HIGH WAF: High

CVSS 7.1 Published: 2026-06-15

CWE-89

WordPress Sliced Invoices 3.8.2 contains an authenticated SQL injection vulnerability that allows authenticated attackers to manipulate database queries by injecting SQL code through the 'post' parameter. Attackers can send requests to the admin.php endpoint with action=duplicate_quote_invoice and malicious 'post' values to extract sensitive database information or modify data.

WAF Coverage Analysis

SQL Injection High WAF Coverage

OWASP: A03:2021 Injection

942xxx - SQL Injection

References

slicedinvoices.com
wordpress.org
www.exploit-db.com
www.vulncheck.com

Back to CVE Database