Vulnerabilities > Wpinventory > WP Inventory Manager

DATE CVE VULNERABILITY TITLE RISK
2023-11-09 CVE-2023-34002 Cross-Site Request Forgery (CSRF) vulnerability in Wpinventory WP Inventory Manager
Cross-Site Request Forgery (CSRF) vulnerability in WP Inventory Manager plugin <= 2.1.0.13 versions.
network
low complexity
wpinventory CWE-352
8.8
8.8
2023-08-16 CVE-2023-2123 Unspecified vulnerability in Wpinventory WP Inventory Manager
The WP Inventory Manager WordPress plugin before 2.1.0.13 does not sanitise and escape a parameter before outputting it back in the page, leading to a Reflected Cross-Site Scripting.
network
low complexity
wpinventory
6.1
6.1
2023-06-27 CVE-2023-2842 Unspecified vulnerability in Wpinventory WP Inventory Manager
The WP Inventory Manager WordPress plugin before 2.1.0.14 does not have CSRF checks, which could allow attackers to make logged-in admins delete Inventory Items via a CSRF attack
network
low complexity
wpinventory
8.1
8.1
2023-05-08 CVE-2023-1806 Unspecified vulnerability in Wpinventory WP Inventory Manager
The WP Inventory Manager WordPress plugin before 2.1.0.12 does not sanitise and escape the message parameter before outputting it back in the page, leading to a Reflected Cross-Site Scripting which could be used against high privilege users such as administrators.
network
low complexity
wpinventory
6.1
6.1