Skip to main content

Wp Inventory Manager

4 CVEs product

Monthly

CVE-2026-57772 HIGH This Week

Blind SQL injection in the WP Inventory Manager WordPress plugin (versions up to and including 2.4.0) lets an authenticated attacker with low privileges inject crafted SQL into database queries, enabling extraction of arbitrary database contents such as user credentials and secrets. Reported by Patchstack, the flaw carries a CVSS 8.5 (scope-changed) rating; no public exploit has been identified at time of analysis and it is not listed in CISA KEV, so risk is currently theoretical but high-impact.

SQLi Wp Inventory Manager
NVD
CVSS 3.1
8.5
EPSS
0.4%
CVE-2023-2123 MEDIUM POC This Month

The WP Inventory Manager WordPress plugin before 2.1.0.13 does not sanitise and escape a parameter before outputting it back in the page, leading to a Reflected Cross-Site Scripting. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

WordPress XSS Wp Inventory Manager
NVD GitHub WPScan
CVSS 3.1
6.1
EPSS
1.2%
CVE-2023-2842 HIGH POC This Week

The WP Inventory Manager WordPress plugin before 2.1.0.14 does not have CSRF checks, which could allow attackers to make logged-in admins delete Inventory Items via a CSRF attack. Rated high severity (CVSS 8.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

WordPress CSRF Wp Inventory Manager
NVD WPScan
CVSS 3.1
8.1
EPSS
0.4%
CVE-2023-1806 MEDIUM POC This Month

The WP Inventory Manager WordPress plugin before 2.1.0.12 does not sanitise and escape the message parameter before outputting it back in the page, leading to a Reflected Cross-Site Scripting which. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

WordPress XSS Wp Inventory Manager
NVD WPScan
CVSS 3.1
6.1
EPSS
0.5%
EPSS 0% CVSS 8.5
HIGH This Week

Blind SQL injection in the WP Inventory Manager WordPress plugin (versions up to and including 2.4.0) lets an authenticated attacker with low privileges inject crafted SQL into database queries, enabling extraction of arbitrary database contents such as user credentials and secrets. Reported by Patchstack, the flaw carries a CVSS 8.5 (scope-changed) rating; no public exploit has been identified at time of analysis and it is not listed in CISA KEV, so risk is currently theoretical but high-impact.

SQLi Wp Inventory Manager
NVD
EPSS 1% CVSS 6.1
MEDIUM POC This Month

The WP Inventory Manager WordPress plugin before 2.1.0.13 does not sanitise and escape a parameter before outputting it back in the page, leading to a Reflected Cross-Site Scripting. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

WordPress XSS Wp Inventory Manager
NVD GitHub WPScan
EPSS 0% CVSS 8.1
HIGH POC This Week

The WP Inventory Manager WordPress plugin before 2.1.0.14 does not have CSRF checks, which could allow attackers to make logged-in admins delete Inventory Items via a CSRF attack. Rated high severity (CVSS 8.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

WordPress CSRF Wp Inventory Manager
NVD WPScan
EPSS 0% CVSS 6.1
MEDIUM POC This Month

The WP Inventory Manager WordPress plugin before 2.1.0.12 does not sanitise and escape the message parameter before outputting it back in the page, leading to a Reflected Cross-Site Scripting which. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

WordPress XSS Wp Inventory Manager
NVD WPScan

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy