WordPress Plugin Vulnerabilities

WP Inventory Manager < 2.1.0.14 - Inventory Items Deletion via CSRF

Description

The plugin does not have CSRF checks, which could allow attackers to make logged-in admins delete Inventory Items via a CSRF attack

Proof of Concept

Affects Plugins

Plugin icon
wp-inventory-manager
Fixed in 2.1.0.14

References

CVE
CVE-2023-2842

Classification

Type
CSRF
OWASP top 10
A2: Broken Authentication and Session Management
CWE
CWE-352
CVSS
4.3 (medium)

Miscellaneous

Original Researcher
NGO VAN TU
Submitter
NGO VAN TU
Verified
Yes
WPVDB ID
0357ecc7-56f5-4843-a928-bf2d3ce75596

Timeline

Publicly Published
2023-06-05 (about 2 years ago)
Added
2023-06-05 (about 2 years ago)
Last Updated
2023-06-05 (about 2 years ago)

Other

Published
Title
Published
2021-07-12
Title
Advanced Menu Manager < 3.0 - Unauthorised Menu Edition via CSRF
Published
2025-02-21
Title
A1POST.BG Shipping for WooCommerce < 1.5.1 - Privilege Escalation via CSRF
Published
2024-04-10
Title
Simple Post Notes < 1.7.7 - Cross-Site Request Forgery
Published
2023-10-16
Title
Comments Ratings <= 1.1.7 - Arbitrary Settings Update via CSRF
Published
2022-06-20
Title
WP Maintenance Mode & Coming Soon < 2.4.5 - Subscribed Users Deletion via CSRF