VYPR

Woocommerce Stock Manager

by WordPress

Source repositories

CVEs (10)

  • CVE-2026-24365MedJan 22, 2026
    risk 0.35cvss 5.4epss 0.00

    Cross-Site Request Forgery (CSRF) vulnerability in storeapps Stock Manager for WooCommerce woocommerce-stock-manager allows Cross Site Request Forgery.This issue affects Stock Manager for WooCommerce: from n/a through < 3.6.0.

  • CVE-2025-10167MedOct 11, 2025
    risk 0.35cvss 6.4epss 0.00

    The Stock History & Reports Manager for WooCommerce plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's 'alg_wc_stock_snapshot_restocked shortcode in all versions up to, and including, 2.2.2 due to insufficient input sanitization and output…

  • CVE-2023-35091MedJul 11, 2023
    risk 0.28cvss 4.3epss 0.00

    Cross-Site Request Forgery (CSRF) vulnerability in StoreApps Stock Manager for WooCommerce plugin <= 2.10.0 versions.

  • CVE-2024-0399Apr 15, 2024
    risk 0.03cvss epss 0.03

    The WooCommerce Customers Manager WordPress plugin before 29.7 does not properly sanitise and escape a parameter before using it in a SQL statement, leading to an SQL injection exploitable by Subscriber+ role.

  • CVE-2024-3983Aug 1, 2024
    risk 0.00cvss epss 0.00

    The WooCommerce Customers Manager WordPress plugin before 30.1 does not have CSRF checks in some bulk actions, which could allow attackers to make logged in admins perform unwanted actions, such as deleting customers via CSRF attacks

  • CVE-2024-2843Aug 1, 2024
    risk 0.00cvss epss 0.00

    The WooCommerce Customers Manager WordPress plugin before 30.1 does not have CSRF checks in some places, which could allow attackers to make logged in admin users delete users via CSRF attacks

  • CVE-2024-1747Aug 1, 2024
    risk 0.00cvss epss 0.00

    The WooCommerce Customers Manager WordPress plugin before 30.2 does not have authorisation and CSRF in various AJAX actions, allowing any authenticated users, such as subscriber, to call them and update/delete/create customer metadata, also leading to Stored Cross-Site Scripting…

  • CVE-2024-1756Apr 24, 2024
    risk 0.00cvss epss 0.00

    The WooCommerce Customers Manager WordPress plugin before 29.8 does not have authorisation and CSRF in an AJAX action, allowing any authenticated users, such as subscriber, to call it and retrieve the list of customer email addresses along with their id, first name and last name

  • CVE-2024-1743Apr 24, 2024
    risk 0.00cvss epss 0.00

    The WooCommerce Customers Manager WordPress plugin before 29.8 does not sanitise and escape various parameters before outputting them back in pages and attributes, leading to a Reflected Cross-Site Scripting which could be used against high privilege users such as admin

  • CVE-2021-34619Jul 21, 2021
    risk 0.00cvss epss 0.01

    The WooCommerce Stock Manager WordPress plugin is vulnerable to Cross-Site Request Forgery leading to Arbitrary File Upload in versions up to, and including, 2.5.7 due to missing nonce and file validation in the /woocommerce-stock-manager/trunk/admin/views/import-export.php file.