CVE-2022-3451

Summary

The Product Stock Manager WordPress plugin before 1.0.5 does not have authorisation and proper CSRF checks in multiple AJAX actions, allowing users with a role as low as subscriber to call them. One action in particular could allow to update arbitrary options

Affected Software

VendorProductVersion RangeStatus
UnknownProduct Stock Manager1.0.5 < 1.0.5affected

Weaknesses

  • CWE-862: CWE-862 Missing Authorization
  • CWE-352: CWE-352 Cross-Site Request Forgery (CSRF)

ADP Enrichment

CVE Program Container

Additional References

CISA ADP Vulnrichment

  • SSVC:
  • Exploitation: poc
    • Automatable: no
    • Technical Impact: partial

References