WordPress Plugin Vulnerabilities
WP Inventory Manager < 2.1.0.14 - Inventory Items Deletion via CSRF
Description
The plugin does not have CSRF checks, which could allow attackers to make logged-in admins delete Inventory Items via a CSRF attack
Proof of Concept
Send a payload to logged-in admins with a request to http://127.0.0.1/wordpress/wp-admin/admin.php?page=wpim_manage_inventory_items&action=delete&delete_id=2
Affects Plugins
References
CVE
Classification
Type
CSRF
OWASP top 10
CWE
CVSS
Miscellaneous
Original Researcher
NGO VAN TU
Submitter
NGO VAN TU
Verified
Yes
WPVDB ID
Timeline
Publicly Published
2023-06-05 (about 11 months ago)
Added
2023-06-05 (about 11 months ago)
Last Updated
2023-06-05 (about 11 months ago)