WordPress Plugin Vulnerabilities

WooCommerce Stock Manager < 2.11.0 - Cross-Site Request Forgery

Description

The plugin does not adequately verify requests use nonces, making it susceptible to Cross-Site Request Forgery (CSRF) attacks.

Affects Plugins

Plugin icon
woocommerce-stock-manager
Fixed in 2.11.0

References

CVE
CVE-2023-35091
URL
https://patchstack.com/database/vulnerability/woocommerce-stock-manager/wordpress-stock-manager-for-woocommerce-plugin-2-10-0-cross-site-request-forgery-csrf-vulnerability

Classification

Type
CSRF
OWASP top 10
A2: Broken Authentication and Session Management
CWE
CWE-352
CVSS
4.3 (medium)

Miscellaneous

Verified
No
WPVDB ID
cc39593a-54f5-4b55-aecb-dfe82cc9bff0

Timeline

Publicly Published
2023-06-15 (about 2 years ago)
Added
2023-07-11 (about 2 years ago)
Last Updated
2023-07-11 (about 2 years ago)

Other

Published
Title
Published
2025-01-24
Title
Counter Box < 2.0.6 - Cross-Site Request Forgery
Published
2024-04-10
Title
MihanPanel < 12.7 - Cross-Site Request Forgery
Published
2025-09-26
Title
AR For WordPress <= 8.34 - Cross-Site Request Forgery
Published
2022-01-12
Title
Quiz And Survey Master < 7.3.7 - CSRF
Published
2024-03-04
Title
CM Download Manager < 2.9.0 - Download Deletion via CSRF