Wpinventory

Wp Inventory Manager

5 vulnerabilities found.

Hinweis: Diese Liste kann unvollständig sein. Daten werden ohne Gewähr im Ursprungsformat bereitgestellt.
4.3

CVE-2025-49977

  • EPSS 0.02%
  • Published 20.06.2025 15:15:23
  • Last modified 23.06.2025 20:16:40

Cross-Site Request Forgery (CSRF) vulnerability in WP Inventory WP Inventory Manager allows Cross Site Request Forgery. This issue affects WP Inventory Manager: from n/a through 2.3.4.

8.8

CVE-2023-34002

  • EPSS 0.1%
  • Published 09.11.2023 18:15:07
  • Last modified 21.11.2024 08:06:22

Cross-Site Request Forgery (CSRF) vulnerability in WP Inventory Manager plugin <= 2.1.0.13 versions.

6.1

CVE-2023-2123

Exploit
  • EPSS 15.71%
  • Published 16.08.2023 12:15:12
  • Last modified 21.11.2024 07:57:58

The WP Inventory Manager WordPress plugin before 2.1.0.13 does not sanitise and escape a parameter before outputting it back in the page, leading to a Reflected Cross-Site Scripting.

8.1

CVE-2023-2842

Exploit
  • EPSS 0.1%
  • Published 27.06.2023 14:15:11
  • Last modified 21.11.2024 07:59:23

The WP Inventory Manager WordPress plugin before 2.1.0.14 does not have CSRF checks, which could allow attackers to make logged-in admins delete Inventory Items via a CSRF attack

6.1

CVE-2023-1806

Exploit
  • EPSS 0.12%
  • Published 08.05.2023 14:15:13
  • Last modified 05.05.2025 16:15:29

The WP Inventory Manager WordPress plugin before 2.1.0.12 does not sanitise and escape the message parameter before outputting it back in the page, leading to a Reflected Cross-Site Scripting which could be used against high privilege users such as a...