CVE-2025-49977
- EPSS 0.02%
- Veröffentlicht 20.06.2025 15:15:23
- Zuletzt bearbeitet 23.06.2025 20:16:40
Cross-Site Request Forgery (CSRF) vulnerability in WP Inventory WP Inventory Manager allows Cross Site Request Forgery. This issue affects WP Inventory Manager: from n/a through 2.3.4.
CVE-2023-34002
- EPSS 0.1%
- Veröffentlicht 09.11.2023 18:15:07
- Zuletzt bearbeitet 21.11.2024 08:06:22
Cross-Site Request Forgery (CSRF) vulnerability in WP Inventory Manager plugin <= 2.1.0.13 versions.
CVE-2023-2123
- EPSS 15.71%
- Veröffentlicht 16.08.2023 12:15:12
- Zuletzt bearbeitet 21.11.2024 07:57:58
The WP Inventory Manager WordPress plugin before 2.1.0.13 does not sanitise and escape a parameter before outputting it back in the page, leading to a Reflected Cross-Site Scripting.
CVE-2023-2842
- EPSS 0.1%
- Veröffentlicht 27.06.2023 14:15:11
- Zuletzt bearbeitet 21.11.2024 07:59:23
The WP Inventory Manager WordPress plugin before 2.1.0.14 does not have CSRF checks, which could allow attackers to make logged-in admins delete Inventory Items via a CSRF attack
CVE-2023-1806
- EPSS 0.12%
- Veröffentlicht 08.05.2023 14:15:13
- Zuletzt bearbeitet 05.05.2025 16:15:29
The WP Inventory Manager WordPress plugin before 2.1.0.12 does not sanitise and escape the message parameter before outputting it back in the page, leading to a Reflected Cross-Site Scripting which could be used against high privilege users such as a...