WordPress Plugin Vulnerabilities

WooCommerce Stock Manager < 1.0.9 - CSRF and Lack of Authorisation

Description

Missing CSRF and Authorisation checks in the stock_manager_save_one_product_stock_data() method registered as an AJAX call.

Affects Plugins

Plugin icon
woocommerce-stock-manager
Fixed in 1.0.9

References

URL
https://plugins.trac.wordpress.org/changeset?reponame=&new=1460574%40woocommerce-stock-manager&old=1430301%40woocommerce-stock-manager

Miscellaneous

Verified
No
WPVDB ID
eccc4930-6338-41a1-891a-f8f5a918146f

Timeline

Publicly Published
2016-07-26 (about 9 years ago)
Added
2019-07-01 (about 6 years ago)
Last Updated
2019-07-01 (about 6 years ago)

Other

Published
Title
Published
2018-11-15
Title
Slideshow Gallery <= 1.6.8 - XSS and SQLi
Published
2020-06-15
Title
KingComposer < 2.9.4 - Multiple Critical Issues
Published
2014-08-01
Title
WordPress 3.3.1 - Multiple Vulnerabilities including XSS & Privilege Escalation
Published
2015-09-26
Title
Appointment Booking Calendar < 1.1.8 - Multiple Reflected Cross-Site Scripting (XSS) and SQL Injection
Published
2014-08-01
Title
Exploit Scanner <= 1.3.3 - FPD & Security bypass vulnerabilities