Lucene search
WPScanCVELIST:CVE-2022-3451HistoryNov 07, 2022 - 12:00 a.m.
CVE-2022-3451 Product Stock Manager < 1.0.5 - Subscriber+ Unauthorised AJAX Calls
2022-11-0700:00:00
CWE-862
CWE-352
WPScan
www.cve.org
2
cve-2022-3451
product stock manager
wordpress plugin
unauthorised access
ajax
subscriber
csrf
authorization
The Product Stock Manager WordPress plugin before 1.0.5 does not have authorisation and proper CSRF checks in multiple AJAX actions, allowing users with a role as low as subscriber to call them. One action in particular could allow to update arbitrary options
CNA Affected
[
{
"vendor": "Unknown",
"product": "Product Stock Manager",
"versions": [
{
"version": "1.0.5",
"status": "affected",
"lessThan": "1.0.5",
"versionType": "custom"
}
]
}
]Related
prion
prion
Cross site request forgery (csrf)
2022-11-07 10:15:00
nvd
nvd
CVE-2022-3451
2022-11-07 10:15:11
wpexploit
wpexploit
Product Stock Manager < 1.0.5 - Subscriber+ Unauthorised AJAX Calls
2022-10-17 00:00:00
wpvulndb
wpvulndb
Product Stock Manager < 1.0.5 - Subscriber+ Unauthorised AJAX Calls
2022-10-17 00:00:00
cve
cve
CVE-2022-3451
2022-11-07 10:15:11