Lucene search
HistoryJun 27, 2023 - 2:15 p.m.
CVE-2023-2842
wp inventory manager
wordpress plugin
csrf attack
inventory items
security vulnerability
8.1 High
CVSS3
Attack Vector
NETWORK
Attack Complexity
LOW
Privileges Required
NONE
User Interaction
REQUIRED
Scope
UNCHANGED
Confidentiality Impact
NONE
Integrity Impact
HIGH
Availability Impact
HIGH
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:H/A:H
8 High
AI Score
Confidence
High
0.001 Low
EPSS
Percentile
30.7%
The WP Inventory Manager WordPress plugin before 2.1.0.14 does not have CSRF checks, which could allow attackers to make logged-in admins delete Inventory Items via a CSRF attack
Affected configurations
Node
wpinventorywp_inventory_managerRange<2.1.0.14wordpress
Related
wpexploit
wpexploit
WP Inventory Manager < 2.1.0.14 - Inventory Items Deletion via CSRF
2023-06-05 00:00:00
wpvulndb
wpvulndb
WP Inventory Manager < 2.1.0.14 - Inventory Items Deletion via CSRF
2023-06-05 00:00:00
cve
cve
CVE-2023-2842
2023-06-27 14:15:11
prion
prion
Cross site request forgery (csrf)
2023-06-27 14:15:00
cvelist
cvelist
wordfence
wordfence
8.1 High
CVSS3
Attack Vector
NETWORK
Attack Complexity
LOW
Privileges Required
NONE
User Interaction
REQUIRED
Scope
UNCHANGED
Confidentiality Impact
NONE
Integrity Impact
HIGH
Availability Impact
HIGH
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:H/A:H
8 High
AI Score
Confidence
High
0.001 Low
EPSS
Percentile
30.7%
Related for NVD:CVE-2023-2842