WooCommerce Stock Manager <= 1.0.7 - CSRF and Lack of Authorisation



Description
Missing CSRF and Authorisation checks in the stock_manager_save_one_product_stock_data() method registered as an AJAX call.

Affects Plugin

fixed in version 1.0.9

References

URL https://plugins.trac.wordpress.org/changeset?reponame=&new=1460574%40woocommerce-stock-manager&old=1430301%40woocommerce-stock-manager

Classification

Type MULTI

Miscellaneous

Views 4337
Verified No
WPVDB ID 9414

Timeline

Publicly Published 2016-07-26 (almost 4 years ago)
Added 2019-07-01 (about 1 year ago)
Last Updated 2019-07-01 (about 1 year ago)

Our Other Services

Online WordPress Vulnerability Scanner WPScan WordPress Security Plugin