CVE-2023-2579

MEDIUM

InventoryPress < 1.7 - Authenticated Stored Cross-Site Scripting in Plugin Settings

Title source: llm
STIX 2.1

Exploitation Summary

EIP tracks 1 public exploit for CVE-2023-2579. PoCs published by 0xn4d.

AI-analyzed exploit summary This repository provides a detailed technical writeup and proof-of-concept for CVE-2023-2579, an authenticated reflected and stored XSS vulnerability in the InventoryPress plugin for WordPress. It includes step-by-step instructions, screenshots, and payload examples demonstrating the exploitation process.

Description

The InventoryPress WordPress plugin through 1.7 does not sanitise and escape some of its settings, which could allow users with the role of author and above to perform Stored Cross-Site Scripting attacks.

Exploits (1)

nomisec WRITEUP
by 0xn4d · poc
https://github.com/0xn4d/poc-cve-xss-inventory-press-plugin

This repository provides a detailed technical writeup and proof-of-concept for CVE-2023-2579, an authenticated reflected and stored XSS vulnerability in the InventoryPress plugin for WordPress. It includes step-by-step instructions, screenshots, and payload examples demonstrating the exploitation process.

Classification
Writeup 90%
Attack Type
Xss
Complexity
Trivial
Reliability
Reliable
Target: InventoryPress plugin for WordPress 1.7
Auth required
Prerequisites: Authenticated access to WordPress · InventoryPress plugin version 1.7 installed
MITRE ATT&CK
devstral-2 · analyzed Feb 18, 2026 Full analysis →

References (2)

Core 2
Core References
Exploit, Third Party Advisory exploit vdb-entry technical-description
https://wpscan.com/vulnerability/3cfcb8cc-9c4f-409c-934f-9f3f043de6fe

Scores

CVSS v3 5.4
EPSS 0.0112
EPSS Percentile 62.1%
Attack Vector NETWORK
CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N

CISA SSVC

Vulnrichment
Exploitation poc
Automatable no
Technical Impact partial

Details

Status published
Products (1)
inventorypress_project/inventorypress < 1.7
Published Jul 17, 2023
Tracked Since Feb 18, 2026