Vulnerabilities and security researches forwoocommerce-product-stock-alert woocommerce-product-stock-alert

Jun 07, 2024

CVE, Research URL: bb22b85cb15d0cd5e7c9bacbc870cccb7371b0c5
Home page URL: Security reports for Product Stock Manager & Notifier for WooCommerce
Application: Product Stock Manager & Notifier for WooCommerce
Date: Jul 10, 2023
Research Description: Product Stock Waitlist Manager for WooCommerce – Back In Stock Notifier, Sync, bulk edit [woocommerce-product-stock-alert] < 2.0.2 WooCommerce Product Stock Alert <= 2.0.1 - Missing Authorization via API The WooCommerce Product Stock Alert plugin for WordPress is vulnerable to unauthorized access of data due to a missing capability check on the stock_alert_rest_routes_react_module action in versions up to, and including, 2.0.1. This makes it possible for authenticated attackers with subscriber-level access to use this endpoint intended for administrators.
Affected versions: max 2.0.2.
Status: vulnerable

CVE, Research URL: CVE-2023-37972
Home page URL: Security reports for Product Stock Manager & Notifier for WooCommerce
Application: Product Stock Manager & Notifier for WooCommerce
Date: Nov 30, 2023
Research Description: Exposure of Sensitive Information to an Unauthorized Actor vulnerability in MultiVendorX Product Stock Manager & Notifier for WooCommerce.This issue affects Product Stock Manager & Notifier for WooCommerce: from n/a through 2.0.1.
Affected versions: max 2.0.2.
Status: vulnerable

Jun 10, 2024

CVE, Research URL: CVE-2023-37971
Home page URL: Security reports for Product Stock Manager & Notifier for WooCommerce
Application: Product Stock Manager & Notifier for WooCommerce
Date: Dec 13, 2024
Research Description: Missing Authorization vulnerability in MultiVendorX WooCommerce Product Stock Alert allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects WooCommerce Product Stock Alert: from n/a through 2.0.1.
Affected versions: max 2.0.2.
Status: vulnerable