Lucene search
K

4 matches found

RedhatCVE
RedhatCVE
added 2025/05/22 11:5 p.m.10 views

CVE-2022-3451

The Product Stock Manager WordPress plugin before 1.0.5 does not have authorisation and proper CSRF checks in multiple AJAX actions, allowing users with a role as low as subscriber to call them. One action in particular could allow to update arbitrary options...

4.3CVSS6.9AI score0.00264EPSS
Exploits2References1
CVE
CVE
added 2022/11/07 12:0 a.m.94 views

CVE-2022-3451

The CVE-2022-3451 entry concerns the Product Stock Manager WordPress plugin up to version 1.0.4 (pre‑1.0.5). Reports in multiple connected sources confirm a lack of proper authorization and CSRF checks in several AJAX actions, enabling users with a role as low as subscriber to call these actions ...

4.3CVSS4.7AI score0.00264EPSS
Exploits2References1Affected Software1
Cvelist
Cvelist
added 2022/11/07 12:0 a.m.28 views

CVE-2022-3451 Product Stock Manager < 1.0.5 - Subscriber+ Unauthorised AJAX Calls

The Product Stock Manager WordPress plugin before 1.0.5 does not have authorisation and proper CSRF checks in multiple AJAX actions, allowing users with a role as low as subscriber to call them. One action in particular could allow to update arbitrary options...

5AI score0.00264EPSS
Exploits2References1
Vulnrichment
Vulnrichment
added 2022/11/07 12:0 a.m.10 views

CVE-2022-3451 Product Stock Manager < 1.0.5 - Subscriber+ Unauthorised AJAX Calls

The Product Stock Manager WordPress plugin before 1.0.5 does not have authorisation and proper CSRF checks in multiple AJAX actions, allowing users with a role as low as subscriber to call them. One action in particular could allow to update arbitrary options...

7.2AI score0.00264EPSS
Exploits2References1
Rows per page
Query Builder