CVE-2025-66115 MEDIUM

CVE-2025-66115: WordPress Easy Invoice plugin <= 2.1.4 - Local File Inclusion vulnerability

Vendor Matrixaddons
Product Easy Invoice
Weakness CWE-98 · PHP file inclusion
Published November 21, 2025
Last update April 28, 2026
View on NVD All CVEs

CVSS base score

6.6/10
Attack vector Network
Attack complexity High
Privileges required High
User interaction None
Confidentiality High
Integrity High

CVSS vector

CVSS:3.1/AV:N/AC:H/PR:H/UI:N/S:U/C:H/I:H/A:H

What the vulnerability does

01Description

Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') vulnerability in MatrixAddons Easy Invoice easy-invoice allows PHP Local File Inclusion.This issue affects Easy Invoice: from n/a through <= 2.1.4.

Key dates

02Disclosure timeline

November 21, 2025 CVE published
April 28, 2026 Record updated

Related vulnerabilities

04Related CVE

CVE-2025-14429 WordPress AeroLand theme <= 1.6.6 - Local File Inclusion vulnerability CVE-2024-8392 WordPress Post Grid Layouts with Pagination – Sogrid <= 1.5.6 - Authenticated (Admin+) Local File Inclusion CVE-2024-52499 WordPress Pricing table addon for elementor plugin <= 1.0.0 - Local File Inclusion vulnerability CVE-2025-25109 WordPress Vehicle Manager plugin <= 3.1 - Local File Inclusion vulnerability CVE-2025-60067 WordPress Giardino theme <= 1.1.10 - Local File Inclusion vulnerability