PT-2021-3982 · WordPress · Woocommerce Stock Manager

Chloe Chamberland

·

Published

2021-03-19

·

Updated

2023-07-18

·

CVE-2021-34619

CVSS v3.1

8.8

High

Vector

AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
Name of the Vulnerable Software and Affected Versions

WooCommerce Stock Manager versions up to, and including, 2.5.7

Description

The vulnerability lies in the import/export functionality of the WooCommerce Stock Manager plugin for WordPress, in the file /woocommerce-stock-manager/trunk/admin/views/import-export.php. The upload handler neither verifies a WordPress nonce nor validates the uploaded file, so it accepts files of any type without restriction. A remote attacker can therefore mount a Cross-Site Request Forgery (CSRF) attack: by luring an authenticated user with access to the plugin's import/export page into submitting a crafted request (hence UI:R in the CVSS vector), the attacker can have an arbitrary file, including dangerous file types, uploaded to the site.

Recommendations

Sites running versions up to, and including, 2.5.7 should update to a release that adds nonce verification and file validation to the import/export handler, which closes both the CSRF vector and the arbitrary file upload. At the time of writing this advisory does not record a specific version that contains the fix.
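The two missing controls named above (nonce verification and file-type validation) are easiest to see side by side. The following is an added illustration written for this page, not code from the WooCommerce Stock Manager plugin: the vulnerable handler reproduces the pattern the description names, and the hardened handler shows the standard WordPress way to close it. All wsm_* function names, the nonce action and field names, the import_file field and the manage_woocommerce capability are hypothetical; the wp_* and check_admin_referer() calls are the real WordPress APIs.

```php
<?php
// Added example, not the plugin's own code. wsm_* names, the nonce action
// 'wsm_import_csv', the field 'import_file' and the capability are hypothetical.

// --- Vulnerable pattern the advisory describes: no nonce, no file validation ---
// Any POST carrying $_FILES['import_file'] is moved into the uploads directory
// under its original name. A form on an attacker's origin that auto-submits
// to the admin page therefore makes a logged-in user's browser upload a .php
// file (CSRF leading to arbitrary file upload).
function wsm_vulnerable_import_handler() {
    if ( empty( $_FILES['import_file'] ) ) {
        return null;
    }
    $upload_dir = wp_upload_dir();
    $target     = $upload_dir['basedir'] . '/' . basename( $_FILES['import_file']['name'] );
    move_uploaded_file( $_FILES['import_file']['tmp_name'], $target ); // no checks at all
    return $target;
}

// --- Hardened pattern: the form embeds a nonce the cross-site page cannot know ---
function wsm_render_import_form() {
    echo '<form method="post" enctype="multipart/form-data">';
    wp_nonce_field( 'wsm_import_csv', 'wsm_import_nonce' ); // per-user, time-limited token
    echo '<input type="file" name="import_file" accept=".csv">';
    submit_button( 'Import' );
    echo '</form>';
}

// Returns the path of the stored CSV on success; dies with an HTTP error otherwise.
function wsm_hardened_import_handler() {
    if ( empty( $_FILES['import_file'] ) ) {
        return null;
    }
    // 1. Capability check: only users allowed to manage the shop may import.
    if ( ! current_user_can( 'manage_woocommerce' ) ) {
        wp_die( 'Insufficient permissions', 403 );
    }
    // 2. Nonce check: check_admin_referer() dies if the nonce is missing or
    //    invalid, which defeats the CSRF vector (UI:R in the CVSS vector above).
    check_admin_referer( 'wsm_import_csv', 'wsm_import_nonce' );

    // 3. File-type validation: allow only CSV, verified from extension and
    //    file content, never from the client-supplied $_FILES['...']['type'].
    $file    = $_FILES['import_file'];
    $allowed = array( 'csv' => 'text/csv' );
    $check   = wp_check_filetype_and_ext( $file['tmp_name'], $file['name'], $allowed );
    if ( empty( $check['ext'] ) || 'csv' !== $check['ext'] ) {
        wp_die( 'Only .csv imports are accepted', 400 );
    }

    // 4. Let WordPress store the file with a sanitized name under the same
    //    allowlist, instead of move_uploaded_file() onto a caller-chosen path.
    $moved = wp_handle_upload( $file, array( 'test_form' => false, 'mimes' => $allowed ) );
    if ( isset( $moved['error'] ) ) {
        wp_die( esc_html( $moved['error'] ), 400 );
    }
    return $moved['file']; // caller parses the CSV and updates stock from here
}
```

The order of the checks matters in practice: the capability and nonce checks run before the file is touched, so an unauthenticated or cross-site request never reaches the upload code, and the MIME allowlist is enforced twice (once by wp_check_filetype_and_ext(), once by wp_handle_upload()) so a renamed .php file is rejected even if the extension check were loosened later.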

Exploit

Unrestricted File Upload

CSRF

Weakness Enumeration

Related Identifiers

BDU:2021-04503
CVE-2021-34619

Affected Products

Woocommerce Stock Manager