cleantalk
Vulnerabilities and Security Researches

Stock Sync for WooCommerce, 23ffa51356546ca775585c4791fa3a9a9049f03b

CVE, Research URL

23ffa51356546ca775585c4791fa3a9a9049f03b

Home page URL

Security reports for Stock Sync for WooCommerce

Application

Stock Sync for WooCommerce

Published on
Mar 22, 2023
Research Description
Stock Sync for WooCommerce [stock-sync-for-woocommerce] < 2.4.0 Stock Sync for WooCommerce <= 2.3.2 - Cross-Site Request Forgery The Stock Sync for WooCommerce plugin for WordPress is vulnerable to Cross-Site Request Forgery in versions up to, and including, 2.3.2. This is due to missing or incorrect nonce validation on the function push_all, push, update, create_log_table. This makes it possible for unauthenticated attackers to push stock quantities to external sites and create log tables via a forged request granted they can trick a site administrator into performing an action such as clicking on a link.
Affected versions
max 2.4.0.
Status
vulnerable
Previous vulnerability researches
My auctions allegro (CVE-2025-27009) , Apr 16, 2025
My auctions allegro (CVE-2024-11707) , Dec 06, 2024
My auctions allegro (CVE-2025-68567) , Jan 10, 2026
My auctions allegro (CVE-2025-68566) , Jan 10, 2026
My auctions allegro (CVE-2025-12851) , Dec 10, 2025
New vulnerability
WP Docs (40e7e863cd583e8579c98f07aa06f53f17974621) , Jun 16, 2026
Attendance Manager (d61a53a5132d4f127db04c355b728189ae540eb5) , Jun 16, 2026
Slider Hero with Animation, Video Background (e03420c55099714ac90da016761d318e5e1cb6db) , Jun 16, 2026
Slider Hero with Animation, Video Background (ec2738226d537a4c17dbff19a2e826361834f640) , Jun 16, 2026
Slider Hero with Animation, Video Background (20851a18-8309-4405-b85c-acaa047effa7) , Jun 16, 2026