CVE-2022-3451

Name of the Vulnerable Software and Affected Versions Product Stock Manager WordPress plugin version 1.0.4 and earlier

Description The issue affects the Product Stock Manager WordPress plugin, where multiple AJAX actions lack proper authorization and CSRF checks. This allows users with a role as low as subscriber to call these actions, potentially enabling them to update arbitrary options.

Recommendations For versions prior to 1.0.5, update to version 1.0.5 or later to resolve the issue. As a temporary workaround, consider restricting access to the AJAX actions until the update is applied.