CVE-2023-2842

CWE-352 — Cross-Site Request Forgery (CSRF)3 documents3 sources

Severity

8.1HIGH

EPSS

0.1%

top 69.27%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

Unknown WP Inventory Manager Wpinventory WP Inventory Manager

Timeline

PublishedJun 27

Description

The WP Inventory Manager WordPress plugin before 2.1.0.14 does not have CSRF checks, which could allow attackers to make logged-in admins delete Inventory Items via a CSRF attack

CVSS vector

CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:H/A:HExploitability: 2.8 | Impact: 5.2

Affected Packages2 packages

▶CVEListV5unknown/wp_inventory_manager< 2.1.0.14

▶NVDwpinventory/wp_inventory_manager< 2.1.0.14

🔴Vulnerability Details

GHSA

GHSA-89r6-wrjm-5xx8: The WP Inventory Manager WordPress plugin before 2↗2023-06-27

▶

CVEList

WP Inventory Manager < 2.1.0.14 - Inventory Items Deletion via CSRF↗2023-06-27

▶