Description

WordPress Plugin Stockists Manager for Woocommerce is prone to a cross-site request forgery vulnerability. Exploiting this issue may allow a remote attacker to perform certain administrative actions and gain unauthorized access to the affected application; other attacks are also possible. WordPress Plugin Stockists Manager for Woocommerce version 1.0.2.1 is vulnerable; prior versions may also be affected.

Remediation

Edit the source code to ensure that CSRF protection is implemented with Nonce-like mechanism or disable the plugin until a fix is available

References

https://www.wordfence.com/vulnerability-advisories/#CVE-2022-2518

https://wordpress.org/plugins/stockists-manager/#description

Related Vulnerabilities

WordPress Plugin PowerPress Podcasting by Blubrry Arbitrary File Upload (8.3.7)

WordPress Plugin Share, Print and PDF Products for WooCommerce Security Bypass (2.7.2)

WordPress Plugin Inline Gallery 'do' Parameter Cross-Site Scripting (0.3.9)

WordPress Plugin Tapfiliate Cross-Site Scripting (3.0.12)

PHP upload arbitrary file disclosure vulnerability

Severity

High

Classification

CVE-2022-2518 CWE-352 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

Tags

Missing Update CSRF