CVE-2022-2518
Stockists Manager for Woocommerce <= 1.0.2.1 - Cross-Site Request Forgery to Stored Cross-Site Scripting
Severity Score
Exploit Likelihood
Affected Versions
Public Exploits
0Exploited in Wild
-Decision
Descriptions
The Stockists Manager for Woocommerce plugin for WordPress is vulnerable to Cross-Site Request Forgery in versions up to, and including, 1.0.2.1. This is due to missing nonce validation on the stockist_settings_main() function. This makes it possible for unauthenticated attackers to modify the plugin's settings and inject malicious web scripts via a forged request granted they can trick a site administrator into performing an action such as clicking on a link.
El plugin Stockists Manager for Woocommerce para WordPress es vulnerable a Cross-Site Request Forgery en versiones hasta 1.0.2.1 incluyéndola. Esto es debido a una falta de comprobación de nonce en la función stockist_settings_main(). Esto hace posible a atacantes no autenticados modificar la configuración del plugin e inyecten scripts web maliciosos por medio de una petición falsa concedida pueden engañar a un administrador del sitio para que lleve a cabo una acción como hacer clic en un enlace.
CVSS Scores
SSVC
- Decision:-
Timeline
- 2022-07-22 CVE Reserved
- 2022-07-22 CVE Published
- 2024-02-17 EPSS Updated
- 2024-08-03 CVE Updated
- ---------- Exploited in Wild
- ---------- KEV Due Date
- ---------- First Exploit
CWE
- CWE-352: Cross-Site Request Forgery (CSRF)
CAPEC
References (4)
URL | Tag | Source |
---|---|---|
https://plugins.trac.wordpress.org/browser/stockists-manager/trunk/stockist_settings.php | Third Party Advisory | |
https://wordpress.org/plugins/stockists-manager | Product | |
https://www.wordfence.com/threat-intel/vulnerabilities/id/5b5e0204-4a05-45c1-833a-c2e4016d9830?source=cve | Third Party Advisory | |
https://www.wordfence.com/vulnerability-advisories/#CVE-2022-2518 | Third Party Advisory |
URL | Date | SRC |
---|
URL | Date | SRC |
---|
URL | Date | SRC |
---|
Affected Vendors, Products, and Versions
Vendor | Product | Version | Other | Status | ||||||
---|---|---|---|---|---|---|---|---|---|---|
Vendor | Product | Version | Other | Status | <-- --> | Vendor | Product | Version | Other | Status |
Berocket Search vendor "Berocket" | Stockists Manager For Woocommerce Search vendor "Berocket" for product "Stockists Manager For Woocommerce" | <= 1.0.2.1 Search vendor "Berocket" for product "Stockists Manager For Woocommerce" and version " <= 1.0.2.1" | wordpress |
Affected
|