4 matches found
CVE-2022-3451
The Product Stock Manager WordPress plugin before 1.0.5 does not have authorisation and proper CSRF checks in multiple AJAX actions, allowing users with a role as low as subscriber to call them. One action in particular could allow to update arbitrary options...
CVE-2022-3451
The CVE-2022-3451 entry concerns the Product Stock Manager WordPress plugin up to version 1.0.4 (pre‑1.0.5). Reports in multiple connected sources confirm a lack of proper authorization and CSRF checks in several AJAX actions, enabling users with a role as low as subscriber to call these actions ...
CVE-2022-3451 Product Stock Manager < 1.0.5 - Subscriber+ Unauthorised AJAX Calls
The Product Stock Manager WordPress plugin before 1.0.5 does not have authorisation and proper CSRF checks in multiple AJAX actions, allowing users with a role as low as subscriber to call them. One action in particular could allow to update arbitrary options...
CVE-2022-3451 Product Stock Manager < 1.0.5 - Subscriber+ Unauthorised AJAX Calls
The Product Stock Manager WordPress plugin before 1.0.5 does not have authorisation and proper CSRF checks in multiple AJAX actions, allowing users with a role as low as subscriber to call them. One action in particular could allow to update arbitrary options...