Vulnerabilities > CVE-2022-3451 - Missing Authorization vulnerability in Addify Product Stock Manager

CVSS 4.3 - MEDIUM

Attack vector

NETWORK

Attack complexity

LOW

Privileges required

LOW

Confidentiality impact

NONE

Integrity impact

LOW

Availability impact

NONE

network

low complexity

addify

CWE-862

NVD

Published: 2022-11-07

Updated: 2023-07-21

Summary

The Product Stock Manager WordPress plugin before 1.0.5 does not have authorisation and proper CSRF checks in multiple AJAX actions, allowing users with a role as low as subscriber to call them. One action in particular could allow to update arbitrary options

Vulnerable Configurations

Part	Description	Count
Application	Addify Addify Product Stock Manager 1.0.0 Addify Product Stock Manager 1.0.1 Addify Product Stock Manager 1.0.2 Addify Product Stock Manager 1.0.3 Addify Product Stock Manager 1.0.4	5

Common Weakness Enumeration (CWE)

CWE-862 - Missing Authorization

References

https://wpscan.com/vulnerability/d8005cd0-8232-4d43-a4e4-14728eaf1300