Lucene search
HistoryJun 27, 2023 - 2:15 p.m.
CVE-2023-2842
wp inventory manager
wordpress plugin
csrf
attack
nvd
cve-2023-2842
8.1 High
CVSS3
Attack Vector
NETWORK
Attack Complexity
LOW
Privileges Required
NONE
User Interaction
REQUIRED
Scope
UNCHANGED
Confidentiality Impact
NONE
Integrity Impact
HIGH
Availability Impact
HIGH
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:H/A:H
7.9 High
AI Score
Confidence
High
0.001 Low
EPSS
Percentile
25.1%
The WP Inventory Manager WordPress plugin before 2.1.0.14 does not have CSRF checks, which could allow attackers to make logged-in admins delete Inventory Items via a CSRF attack
Affected configurations
Node
wpinventorywp_inventory_managerRange<2.1.0.14
| Vendor | Product | Version | CPE |
|---|---|---|---|
| wpinventory | wp_inventory_manager | * | cpe:2.3:a:wpinventory:wp_inventory_manager:*:*:*:*:*:*:*:* |
CNA Affected
[
{
"vendor": "Unknown",
"product": "WP Inventory Manager",
"versions": [
{
"status": "affected",
"versionType": "custom",
"version": "0",
"lessThan": "2.1.0.14"
}
],
"defaultStatus": "unaffected",
"collectionURL": "https://wordpress.org/plugins"
}
]Related
wpexploit
wpexploit
WP Inventory Manager < 2.1.0.14 - Inventory Items Deletion via CSRF
2023-06-05 00:00:00
wpvulndb
wpvulndb
WP Inventory Manager < 2.1.0.14 - Inventory Items Deletion via CSRF
2023-06-05 00:00:00
nvd
nvd
CVE-2023-2842
2023-06-27 14:15:11
prion
prion
Cross site request forgery (csrf)
2023-06-27 14:15:00
cvelist
cvelist
wordfence
wordfence
8.1 High
CVSS3
Attack Vector
NETWORK
Attack Complexity
LOW
Privileges Required
NONE
User Interaction
REQUIRED
Scope
UNCHANGED
Confidentiality Impact
NONE
Integrity Impact
HIGH
Availability Impact
HIGH
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:H/A:H
7.9 High
AI Score
Confidence
High
0.001 Low
EPSS
Percentile
25.1%
Related for CVE-2023-2842