cleantalk
Vulnerabilities and Security Researches

Client Invoicing by Sprout Invoices – Easy Estimates and Invoices for WordPress, CVE-2026-32401

CVE, Research URL

CVE-2026-32401

Home page URL

Security reports for Client Invoicing by Sprout Invoices – Easy Estimates and Invoices for WordPress

Application

Client Invoicing by Sprout Invoices – Easy Estimates and Invoices for WordPress

Published on
Mar 14, 2026
Research Description
Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') vulnerability in BoldGrid Client Invoicing by Sprout Invoices sprout-invoices allows PHP Local File Inclusion.This issue affects Client Invoicing by Sprout Invoices: from n/a through <= 20.8.9.
Affected versions
max 20.8.9.
Status
vulnerable
Previous vulnerability researches
Client Invoicing by Sprout Invoices &#8211; Easy Estimates and Invoices for WordPress (CVE-2024-53819) , Dec 11, 2024
Client Invoicing by Sprout Invoices &#8211; Easy Estimates and Invoices for WordPress (CVE-2021-24787) , Jun 07, 2024
Client Invoicing by Sprout Invoices &#8211; Easy Estimates and Invoices for WordPress (CVE-2026-25364) , Feb 27, 2026
Client Invoicing by Sprout Invoices &#8211; Easy Estimates and Invoices for WordPress (CVE-2025-64227) , Jan 10, 2026
Client Invoicing by Sprout Invoices &#8211; Easy Estimates and Invoices for WordPress (CVE-2025-64229) , Nov 11, 2025
New vulnerability
SMTP Mailer (CVE-2026-32538) , Mar 29, 2026
Best WordPress Gallery Plugin – FooGallery (CVE-2026-25362) , Mar 29, 2026
Best WordPress Gallery Plugin – FooGallery (CVE-2026-25363) , Mar 29, 2026
Best WordPress Gallery Plugin – FooGallery (CVE-2025-15524) , Mar 29, 2026
Photo Gallery by 10Web &#8211; Mobile-Friendly Image Gallery (CVE-2026-27360) , Mar 29, 2026