CSRF Vulnerability in Plainware PlainInventory Affects Multiple Versions
CVE-2025-32623

7.1HIGH

Key Information:

Vendor: Plainware
Status: Plaininventory
Vendor: CVE Published:; 9 April 2025

Summary

The Plainware PlainInventory plugin is susceptible to a Cross-Site Request Forgery (CSRF) vulnerability that can lead to Stored Cross-Site Scripting (XSS) attacks. This flaw allows an attacker to manipulate requests on behalf of authenticated users, potentially leading to the execution of malicious scripts within the user's browser. Affected versions include all those from n/a up to 3.1.9. It is critical for users of PlainInventory to implement security measures to mitigate this issue and protect their applications from potential exploits.

Affected Version(s)

PlainInventory <= 3.1.9

References

https://patchstack.com/database/wordpress/plugin/z-invent...

vdb-entry

CVSS V3.1

Score:

7.1

Severity:

HIGH

Confidentiality:

Low

Integrity:

Low

Availability:

Low

Attack Vector:

Network

Attack Complexity:

Low

Privileges Required:

None

User Interaction:

Required

Scope:

Changed

Timeline

Vulnerability published
Apr 9, 2025
Vulnerability Reserved
Apr 9, 2025

Credit

Abdi Pranata (Patchstack Alliance)