Description

WordPress Plugin Stockists Manager for Woocommerce is prone to a cross-site request forgery vulnerability. Exploiting this issue may allow a remote attacker to perform certain administrative actions and gain unauthorized access to the affected application; other attacks are also possible. WordPress Plugin Stockists Manager for Woocommerce version 1.0.2.1 is vulnerable; prior versions may also be affected.

Remediation

Edit the source code to ensure that CSRF protection is implemented with Nonce-like mechanism or disable the plugin until a fix is available

References

https://www.wordfence.com/vulnerability-advisories/#CVE-2022-2518

https://wordpress.org/plugins/stockists-manager/#description

Related Vulnerabilities

MySQL CVE-2013-1526 Vulnerability (CVE-2013-1526)

WordPress Plugin Pods-Custom Content Types and Fields Malicious Code (3.2.3)

WordPress Plugin EditorMonkey Remote File Upload (2.5)

WordPress Plugin AVH Extended Categories Widgets Unspecified Vulnerability (4.0.2)

EspoCRM Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') Vulnerability (CVE-2019-14547)

Severity

High

Classification

CVE-2022-2518 CWE-352 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:A/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N

Tags

Missing Update CSRF