CVSS: 7.1EPSS: 0%CPEs: 1EXPL: 0CVE-2023-31094 – WordPress Stock Sync for WooCommerce Plugin <= 2.4.0 is vulnerable to Cross Site Scripting (XSS)
https://notcve.org/view.php?id=CVE-2023-31094
24 Apr 2023 — Unauth. Reflected Cross-Site Scripting (XSS) vulnerability in Lauri Karisola / WP Trio Stock Sync for WooCommerce plugin <= 2.4.0 versions. The Stock Sync for WooCommerce plugin for WordPress is vulnerable to Reflected Cross-Site Scripting via the ‘page’ parameter in versions up to, and including, 2.4.0 due to insufficient input sanitization and output escaping. This makes it possible for unauthenticated attackers to inject arbitrary web scripts in pages that execute if they can successfully trick a user in... • https://patchstack.com/database/vulnerability/stock-sync-for-woocommerce/wordpress-stock-sync-for-woocommerce-plugin-2-4-0-reflected-cross-site-scripting-xss-vulnerability?_s_id=cve • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVSS: 4.3EPSS: 0%CPEs: 1EXPL: 0CVE-2022-46807 – WordPress Stock Sync for WooCommerce plugin <= 2.3.2 - Broken Access Control
https://notcve.org/view.php?id=CVE-2022-46807
22 Mar 2023 — Missing Authorization vulnerability in Lauri Karisola / WP Trio Stock Sync for WooCommerce allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Stock Sync for WooCommerce: from n/a through 2.3.2. The Stock Sync for WooCommerce plugin for WordPress is vulnerable to unauthorized use of AJAX actions due to a missing capability check on the functions check_api_access and view_last_response in versions up to, and including, 2.3.2. This makes it possible for authenticated att... • https://patchstack.com/database/wordpress/plugin/stock-sync-for-woocommerce/vulnerability/wordpress-stock-sync-for-woocommerce-plugin-2-3-2-broken-access-control-csrf?_s_id=cve • CWE-862: Missing Authorization •