Back to KEVs

CVE-2021-34619

Cross-Site Request Forgery in WooCommerce Stock Manager WordPress Plugin

Basic Information

CVE State
PUBLISHED
Reserved Date
June 10, 2021
Published Date
July 21, 2021
Last Updated
September 16, 2024
Vendor
StoreApps
Product
WooCommerce Stock Manager
Description
The WooCommerce Stock Manager WordPress plugin is vulnerable to Cross-Site Request Forgery leading to Arbitrary File Upload in versions up to, and including, 2.5.7 due to missing nonce and file validation in the /woocommerce-stock-manager/trunk/admin/views/import-export.php file.
Tags
wordpress php

CVSS Scores

CVSS v3.1

8.8 - HIGH

Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

CVSS v2.0

6.8

Vector: AV:N/AC:M/Au:N/C:P/I:P/A:P

EPSS Score

Score
0.11% (Percentile: 30.54%) as of 2025-05-12

Exploit Status

Exploited in the Wild
Yes (2021-06-14 08:23:03 UTC) Source

References

https://plugins.trac.wordpress.org/browser/woocommerce-stock-manager/trunk/admin/views/import-export.php?rev=2499178 https://www.wordfence.com/blog/2021/06/high-severity-vulnerability-patched-in-woocommerce-stock-manager-plugin/

Known Exploited Vulnerability Information

Source Added Date
Wordfence 2021-06-14 08:23:03 UTC

Timeline

  • CVE ID Reserved

  • Added to KEVIntel

  • CVE Published to Public