Vulnerabilities and security research for stock-sync-for-woocommerce
Jun 06, 2024
Stock Sync for WooCommerce # e16bba2b82e7a3b7f803839b899f413182f3c92b
- CVE, Research URL
- Home page URL
- Application
- Date: Mar 22, 2023
- Research Description: Stock Sync for WooCommerce [stock-sync-for-woocommerce] < 2.4.1. WordPress Stock Sync for WooCommerce Plugin <= 2.3.2 is vulnerable to Broken Access Control. No patched version is available. No reply from the vendor. Cat discovered and reported this Broken Access Control vulnerability in WordPress Stock Sync for WooCommerce Plugin. This vulnerability is not known to have been fixed yet.
- Affected versions: max 2.4.1.
- Status: vulnerable
Stock Sync for WooCommerce # CVE-2023-31094
- CVE, Research URL
- Home page URL
- Application
- Date: Aug 18, 2023
- Research Description: Unauth. Reflected Cross-Site Scripting (XSS) vulnerability in Lauri Karisola / WP Trio Stock Sync for WooCommerce plugin <= 2.4.0 versions.
- Affected versions: max 2.4.1.
- Status: vulnerable
Jun 10, 2024
Stock Sync for WooCommerce # CVE-2022-46807
- CVE, Research URL
- Home page URL
- Application
- Date: Dec 13, 2024
- Research Description: Missing Authorization vulnerability in Lauri Karisola / WP Trio Stock Sync for WooCommerce allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects Stock Sync for WooCommerce: from n/a through 2.3.2.
- Affected versions: max 2.4.0.
- Status: vulnerable
Jun 16, 2026
Stock Sync for WooCommerce # 23ffa51356546ca775585c4791fa3a9a9049f03b
- CVE, Research URL
- Home page URL
- Application
- Date: Mar 22, 2023
- Research Description: Stock Sync for WooCommerce [stock-sync-for-woocommerce] < 2.4.0. Stock Sync for WooCommerce <= 2.3.2 - Cross-Site Request Forgery. The Stock Sync for WooCommerce plugin for WordPress is vulnerable to Cross-Site Request Forgery in versions up to, and including, 2.3.2. This is due to missing or incorrect nonce validation on the functions push_all, push, update, create_log_table. This makes it possible for unauthenticated attackers to push stock quantities to external sites and create log tables via a forged request, granted they can trick a site administrator into performing an action such as clicking on a link.
- Affected versions: max 2.4.0.
- Status: vulnerable
Stock Sync for WooCommerce # 32b464c34b74a892762f56ea6c130c4a35d34abe
- CVE, Research URL
- Home page URL
- Application
- Date: Apr 24, 2023
- Research Description: Stock Sync for WooCommerce [stock-sync-for-woocommerce] < 2.4.1. Stock Sync for WooCommerce <= 2.4.0 - Reflected Cross-Site Scripting via page parameter. The Stock Sync for WooCommerce plugin for WordPress is vulnerable to Reflected Cross-Site Scripting via the ‘page’ parameter in versions up to, and including, 2.4.0 due to insufficient input sanitization and output escaping. This makes it possible for unauthenticated attackers to inject arbitrary web scripts in pages that execute if they can successfully trick a user into performing an action such as clicking on a link.
- Affected versions: max 2.4.1.
- Status: vulnerable