Reflected Cross-Site Scripting in WP Inventory Manager by WordPress
CVE-2024-13434
6.1MEDIUM
What is CVE-2024-13434?
The WP Inventory Manager plugin for WordPress is susceptible to Reflected Cross-Site Scripting through the 'message' parameter. This vulnerability arises due to inadequate input sanitization and output escaping, exposing users to the risk of unauthorized script injections. An attacker can exploit this issue by tricking a user into clicking a specially crafted link, leading to the execution of malicious scripts within the user's browser context.
Affected Version(s)
WP Inventory Manager * <= 2.3.2