Skip to main content

Stock Locations For Woocommerce

2 CVEs product

Monthly

CVE-2026-57419 MEDIUM This Month

Stock Locations for WooCommerce plugin (versions through 3.1.8) exposes one or more privileged operations without performing authorization checks, allowing authenticated low-privileged WordPress users to manipulate stock location data they should have no rights to modify. Rooted in CWE-862 (Missing Authorization), the flaw means the plugin accepts and executes sensitive requests based solely on authentication rather than verifying the requester's WordPress capability level. No public exploit has been identified at time of analysis and the vulnerability is not listed in CISA KEV, but the low-privilege access requirement and straightforward network exploitation path make it a realistic risk for any multi-location WooCommerce store running the affected plugin.

Authentication Bypass WordPress Stock Locations For Woocommerce
NVD
CVSS 3.1
6.5
EPSS
0.3%
CVE-2024-22153 MEDIUM This Month

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Fahad Mahmood & Alexandre Faustino Stock Locations for WooCommerce allows Stored XSS.5.9. Rated medium severity (CVSS 5.9), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

XSS WordPress Stock Locations For Woocommerce
NVD
CVSS 3.1
5.9
EPSS
0.1%
EPSS 0% CVSS 6.5
MEDIUM This Month

Stock Locations for WooCommerce plugin (versions through 3.1.8) exposes one or more privileged operations without performing authorization checks, allowing authenticated low-privileged WordPress users to manipulate stock location data they should have no rights to modify. Rooted in CWE-862 (Missing Authorization), the flaw means the plugin accepts and executes sensitive requests based solely on authentication rather than verifying the requester's WordPress capability level. No public exploit has been identified at time of analysis and the vulnerability is not listed in CISA KEV, but the low-privilege access requirement and straightforward network exploitation path make it a realistic risk for any multi-location WooCommerce store running the affected plugin.

Authentication Bypass WordPress Stock Locations For Woocommerce
NVD
EPSS 0% CVSS 5.9
MEDIUM This Month

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Fahad Mahmood & Alexandre Faustino Stock Locations for WooCommerce allows Stored XSS.5.9. Rated medium severity (CVSS 5.9), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

XSS WordPress Stock Locations For Woocommerce
NVD

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy