Daniloalbuqrque

#21315 of 53,632
11.5 Total CVSS
Vulnerabilities · 2
Medium
2
PT-2023-18015
6.1
2023-08-16
WordPress · Wp Inventory Manager · CVE-2023-2123
**Name of the Vulnerable Software and Affected Versions** WP Inventory Manager versions prior to 2.1.0.13

**Description** The issue is related to a Reflected Cross-Site Scripting problem. The WP Inventory Manager WordPress plugin does not properly sanitise and escape a parameter before outputting it back in the page. This can lead to a Reflected Cross-Site Scripting attack.

**Recommendations** For versions prior to 2.1.0.13, update to version 2.1.0.13 or later to resolve the issue. As a temporary workaround, consider restricting access to the plugin until a patch is applied.
PT-2023-20306
5.4
2023-07-17
WordPress · Inventorypress · CVE-2023-2579
**Name of the Vulnerable Software and Affected Versions** InventoryPress WordPress plugin versions 1.7 and earlier

**Description** The issue allows users with the role of author and above to perform Stored Cross-Site Scripting attacks due to the plugin not sanitising and escaping some of its settings.

**Recommendations** For InventoryPress WordPress plugin versions 1.7 and earlier, update to a version that addresses the sanitisation and escaping of settings to prevent Stored Cross-Site Scripting attacks. As a temporary workaround, consider restricting access to settings for users with the role of author and above until a patch is available.