Vulnerability Details CVE-2023-2123
The WP Inventory Manager WordPress plugin before 2.1.0.13 does not sanitise and escape a parameter before outputting it back in the page, leading to a Reflected Cross-Site Scripting.
Exploit prediction scoring system (EPSS) score
EPSS Score 0.15
EPSS Ranking 94.2%
CVSS Severity
CVSS v3 Score 6.1
References
- https://github.com/daniloalbuqrque/poc-cve-xss-encoded-wp-inventory-manager-plugin
- https://wpscan.com/vulnerability/44448888-cd5d-482e-859e-123e442ce5c1
- https://github.com/daniloalbuqrque/poc-cve-xss-encoded-wp-inventory-manager-plugin
- https://wpscan.com/vulnerability/44448888-cd5d-482e-859e-123e442ce5c1
Products affected by CVE-2023-2123
-
cpe:2.3:a:wpinventory:wp_inventory_manager:-
-
cpe:2.3:a:wpinventory:wp_inventory_manager:2.1.0.8