exploitDog

CVE-2023-2842

Опубликовано: 27 июн. 2023

Источник: nvd

CVSS3: 8.1

EPSS Низкий

Описание

The WP Inventory Manager WordPress plugin before 2.1.0.14 does not have CSRF checks, which could allow attackers to make logged-in admins delete Inventory Items via a CSRF attack

Ссылки

https://wpscan.com/vulnerability/0357ecc7-56f5-4843-a928-bf2d3ce75596
Exploit
Third Party Advisory
https://wpscan.com/vulnerability/0357ecc7-56f5-4843-a928-bf2d3ce75596
Exploit
Third Party Advisory

Уязвимые конфигурации

Конфигурация 1

cpe:2.3:a:wpinventory:wp_inventory_manager:*:*:*:*:*:wordpress:*:*

Версия до 2.1.0.14 (исключая)

EPSS

Процентиль: 27%

0.00095

Низкий

8.1 High

CVSS3

Дефекты

Связанные уязвимости

GHSA-89r6-wrjm-5xx8

CVSS3: 8.1

github

больше 2 лет назад

The WP Inventory Manager WordPress plugin before 2.1.0.14 does not have CSRF checks, which could allow attackers to make logged-in admins delete Inventory Items via a CSRF attack

EPSS

Процентиль: 27%

0.00095

Низкий

8.1 High

CVSS3

Дефекты