The plugin is vulnerable to CSRF leading to Arbitrary File Upload due to missing nonce and file validation in the /admin/views/import-export.php file.
The uploaded file is written to: /wp-content/plugins/woocommerce-stock-manager/admin/views/upload/PoC.php
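
The two missing controls named above (a nonce check and file validation), sketched as a hardened WordPress import handler. This is an added example, not the plugin's own code or its actual fix; the `wsm_example_*` function names, the `wsm_import` action, the field names, the `manage_woocommerce` capability choice and the CSV-only allow-list are assumptions made for illustration.

```php
<?php
// Added example, not the plugin's code. All wsm_* names are hypothetical.

// Form side: emit a nonce bound to the action and the current user's session.
function wsm_example_render_import_form() {
    ?>
    <form method="post" enctype="multipart/form-data">
        <?php wp_nonce_field( 'wsm_import', 'wsm_import_nonce' ); ?>
        <input type="file" name="wsm_import_file" accept=".csv" />
        <?php submit_button( 'Import' ); ?>
    </form>
    <?php
}

// Handler side: authorize, verify the nonce, then validate the file.
function wsm_example_handle_import() {
    if ( empty( $_FILES['wsm_import_file'] ) ) {
        return; // Not an import request.
    }
    // 1. Authorization: only users allowed to manage the shop (assumed capability).
    if ( ! current_user_can( 'manage_woocommerce' ) ) {
        wp_die( 'Forbidden', '', array( 'response' => 403 ) );
    }
    // 2. CSRF: dies unless the request carries a valid nonce for this action,
    //    which a cross-site forged request cannot supply.
    check_admin_referer( 'wsm_import', 'wsm_import_nonce' );

    $file = $_FILES['wsm_import_file'];
    if ( UPLOAD_ERR_OK !== $file['error'] || ! is_uploaded_file( $file['tmp_name'] ) ) {
        wp_die( 'Upload failed', '', array( 'response' => 400 ) );
    }
    // 3. File validation: allow-list by extension and detected content type.
    //    A name such as PoC.php yields ext === false and is rejected here.
    $check = wp_check_filetype_and_ext( $file['tmp_name'], $file['name'], array( 'csv' => 'text/csv' ) );
    if ( 'csv' !== $check['ext'] ) {
        wp_die( 'Only CSV files are accepted', '', array( 'response' => 400 ) );
    }
    // 4. Parse from PHP's temp location; nothing is copied into a web-served
    //    plugin directory, so no uploaded file becomes reachable by URL.
    $rows   = array();
    $handle = fopen( $file['tmp_name'], 'r' );
    while ( false !== ( $row = fgetcsv( $handle ) ) ) {
        $rows[] = array_map( 'sanitize_text_field', $row );
    }
    fclose( $handle );
    // $rows would then be handed to the import logic.
}
add_action( 'admin_init', 'wsm_example_handle_import' );
```

On an installation that ran an affected version, any `.php` file present under the upload directory given above is worth investigating.
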
CPE

Name | Operator | Version |
---|---|---|
woocommerce-stock-manager | lt | 2.6.0 |