The WooCommerce Stock Manager WordPress plugin is vulnerable to Cross-Site Request Forgery leading to Arbitrary File Upload in versions up to, and including, 2.5.7 due to missing nonce and file validation in the /woocommerce-stock-manager/trunk/admin/views/import-export.php file.
References
Link | Resource |
---|---|
https://plugins.trac.wordpress.org/browser/woocommerce-stock-manager/trunk/admin/views/import-export.php?rev=2499178 | Exploit Third Party Advisory |
https://www.wordfence.com/blog/2021/06/high-severity-vulnerability-patched-in-woocommerce-stock-manager-plugin/ | Exploit Third Party Advisory |
History
No history.
MITRE Information
Status: PUBLISHED
Assigner: Wordfence
Published: 2021-06-14T00:00:00
Updated: 2021-07-21T11:09:37
Reserved: 2021-06-10T00:00:00
Link: CVE-2021-34619
JSON object: View
NVD Information
Status : Analyzed
Published: 2021-07-21T15:16:20.503
Modified: 2023-07-18T12:34:01.287
Link: CVE-2021-34619
JSON object: View
Redhat Information
No data.