CVE-2024-13434 – WP Inventory Manager <= 2.3.2 - Reflected Cross-Site Scripting
https://notcve.org/view.php?id=CVE-2024-13434
16 Jan 2025 — The WP Inventory Manager plugin for WordPress is vulnerable to Reflected Cross-Site Scripting via the 'message' parameter in all versions up to, and including, 2.3.2 due to insufficient input sanitization and output escaping. This makes it possible for unauthenticated attackers to inject arbitrary web scripts in pages that execute if they can successfully trick a user into performing an action such as clicking on a link. • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
CVE-2023-2842 – WP Inventory Manager < 2.1.0.14 - Inventory Items Deletion via CSRF
https://notcve.org/view.php?id=CVE-2023-2842
05 Jun 2023 — The WP Inventory Manager WordPress plugin before 2.1.0.14 does not have CSRF checks, which could allow attackers to make logged-in admins delete Inventory Items via a CSRF attack. The WP Inventory Manager plugin for WordPress is vulnerable to Cross-Site Request Forgery in versions up to, and including, 2.1.0.13. This is due to missing or incorrect nonce validation on the delete_item function. This makes it possible for unauthenticated attackers to perform unauthorized actions via a forged request granted the... • https://wpscan.com/vulnerability/0357ecc7-56f5-4843-a928-bf2d3ce75596 • CWE-352: Cross-Site Request Forgery (CSRF)
CVE-2023-34002 – WordPress WP Inventory Manager Plugin <= 2.1.0.13 is vulnerable to Cross Site Request Forgery (CSRF)
https://notcve.org/view.php?id=CVE-2023-34002
02 Jun 2023 — Cross-Site Request Forgery (CSRF) vulnerability in WP Inventory Manager plugin <= 2.1.0.13 versions. The WP Inventory Manager plugin for WordPress is vulnerable to Cross-Site Request Forgery in versions up to, and including, 2.1.0.13. This is due to missing or incorrect nonce validation on the delete_item function. This makes it possible for unauthenticated attackers to perform unauthorize... • https://patchstack.com/database/vulnerability/wp-inventory-manager/wordpress-wp-inventory-manager-plugin-2-1-0-13-cross-site-request-forgery-csrf-vulnerability?_s_id=cve • CWE-352: Cross-Site Request Forgery (CSRF)
CVE-2023-2123 – WP Inventory Manager < 2.1.0.13 - Reflected Cross-Site Scripting
https://notcve.org/view.php?id=CVE-2023-2123
26 Apr 2023 — The WP Inventory Manager WordPress plugin before 2.1.0.13 does not sanitise and escape a parameter before outputting it back in the page, leading to a Reflected Cross-Site Scripting. The WP Inventory Manager plugin for WordPress is vulnerable to Reflected Cross-Site Scripting via the ‘message’ parameter in versions up to, and including, 2.1.0.12 due to insufficient input sanitization and output escaping. This makes it possible for unauthenticated attackers to inject arbitrary web scripts in pages that execu... • https://github.com/0xn4d/poc-cve-xss-encoded-wp-inventory-manager-plugin • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
CVE-2023-1806 – WP Inventory Manager < 2.1.0.12 - Reflected XSS
https://notcve.org/view.php?id=CVE-2023-1806
12 Apr 2023 — The WP Inventory Manager WordPress plugin before 2.1.0.12 does not sanitise and escape the message parameter before outputting it back in the page, leading to a Reflected Cross-Site Scripting which could be used against high privilege users such as administrators. The WP Inventory Manager plugin for WordPress is vulnerable to Reflected Cross-Site Scripting via the ‘message’ parameter in versions up to, and including, 2.1.0.11 due to insufficient input sanitization and output escaping. This makes it possible... • https://wpscan.com/vulnerability/38d99c7d-2d10-4910-b95a-1cb545b813c4 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')