← Back

Wp Inventory Manager

wp_inventory_manager

Vendor: Wpinventory • 4 CVEs

CVEs (4)

CVE
VENDORS
PRODUCTS
UPDATED
PUBLISHED
CVSS
1Wpinventory
1Wp Inventory Manager
Jun 17, 2026
Nov 9, 2023
N/A· v4
8.8 HIGH· v3
N/A· v2
Cross-Site Request Forgery (CSRF) vulnerability in WP Inventory Manager plugin <= 2.1.0.13 versions.
1Wpinventory
1Wp Inventory Manager
Jun 17, 2026
Aug 16, 2023
N/A· v4
6.1 MEDIUM· v3
N/A· v2
The WP Inventory Manager WordPress plugin before 2.1.0.13 does not sanitise and escape a parameter before outputting it back in the page, leading to a Reflected Cross-Site Scripting.
1Wpinventory
1Wp Inventory Manager
Jun 17, 2026
Jun 27, 2023
N/A· v4
8.1 HIGH· v3
N/A· v2
The WP Inventory Manager WordPress plugin before 2.1.0.14 does not have CSRF checks, which could allow attackers to make logged-in admins delete Inventory Items via a CSRF attack
1Wpinventory
1Wp Inventory Manager
Jun 17, 2026
May 8, 2023
N/A· v4
6.1 MEDIUM· v3
N/A· v2
The WP Inventory Manager WordPress plugin before 2.1.0.12 does not sanitise and escape the message parameter before outputting it back in the page, leading to a Reflected Cross-Site Scripting which could be used against...Show more
The WP Inventory Manager WordPress plugin before 2.1.0.12 does not sanitise and escape the message parameter before outputting it back in the page, leading to a Reflected Cross-Site Scripting which could be used against high privilege users such as administrators.Show less