Platform
wordpress
Component
woocommerce-stock-manager
Fixed in
3.6.1
CVE-2026-24365 is a Cross-Site Request Forgery (CSRF) vulnerability in the Stock Manager for WooCommerce plugin. At least one of the plugin's state-changing actions is accepted on the strength of the victim's WordPress session cookie alone, so an attacker who lures a logged-in user to a page they control (or to a crafted link) can have that user's browser submit the request without the user's knowledge or consent. Versions 0.0.0 through 3.6.0 are affected; the fix is in version 3.6.1.
A successful CSRF attack could let the attacker modify stock levels, create or delete products, or trigger other actions the plugin exposes, all executed with the rights of the logged-in victim. The impact is amplified when the victim holds the administrator or shop manager role, where this can mean data manipulation, financial loss, or control over the store's inventory and product catalog. CSRF needs social engineering (the victim must load the attacker's page while logged in) and does not by itself disclose anything to the attacker, but in an e-commerce setting where inventory figures drive ordering and fulfilment, silently altered stock counts can be costly. Two practical caveats: the attack only works while the victim has a live wp-admin session, and Chromium-based browsers default cookies without a SameSite attribute to Lax, which blocks cross-site POST submissions but still sends the cookie on top-level GET navigations, so any action the plugin accepts over GET remains reachable from a plain link.
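The pattern behind a CSRF flaw in a WordPress plugin, as an added example that is not code from the advisory or from the Stock Manager for WooCommerce plugin: an admin-ajax handler that changes stock based only on the logged-in cookie, beside the hardened form that requires POST, a nonce and a capability. The hook name `wp_ajax_sm_update_stock`, the nonce action string `sm_update_stock` and the script handle are illustrative names chosen here, not the plugin's own; `check_ajax_referer`, `current_user_can`, `wp_create_nonce`, `wp_localize_script`, `wp_send_json_*` and `wc_get_product` are real WordPress/WooCommerce functions.

```php
<?php
// Added example (not code from the advisory or from the plugin it describes).
// Contrasts a CSRF-prone admin-ajax handler with a hardened one. Hook, nonce action and
// script handle names are assumptions chosen for illustration.

// --- Vulnerable pattern: state change with no nonce and no capability check -------------
// Any request that carries the victim's auth cookie reaches this code, including one sent
// by an auto-submitting form (or a plain link, since $_REQUEST also reads GET) on an
// attacker's page. WordPress knows the user is logged in, not that the user intended it.
function sm_update_stock_vulnerable(): void {
    $product_id = (int) ($_REQUEST['product_id'] ?? 0);
    $qty        = (int) ($_REQUEST['qty'] ?? 0);
    $product    = wc_get_product($product_id);
    if ($product) {
        $product->set_stock_quantity($qty);
        $product->save();
    }
    wp_send_json_success(['product_id' => $product_id, 'qty' => $qty]);
}
// add_action('wp_ajax_sm_update_stock', 'sm_update_stock_vulnerable'); // the flawed wiring

// --- Hardened pattern --------------------------------------------------------------------
function sm_update_stock_hardened(): void {
    // 1. Method: state changes only over POST, so a top-level GET from a link cannot trigger it.
    if (($_SERVER['REQUEST_METHOD'] ?? '') !== 'POST') {
        wp_send_json_error(['message' => 'POST required'], 405);
    }
    // 2. Nonce: check_ajax_referer() verifies the per-user, per-action token that only a page
    //    the user actually loaded from this site could have embedded. On failure it ends the
    //    request with HTTP 403 and body "-1" (the default $die = true behaviour).
    check_ajax_referer('sm_update_stock', 'nonce');
    // 3. Capability: being logged in is not enough; require the WooCommerce management right.
    if (!current_user_can('manage_woocommerce')) {
        wp_send_json_error(['message' => 'insufficient capability'], 403);
    }
    $product_id = absint($_POST['product_id'] ?? 0);
    $qty        = (int) ($_POST['qty'] ?? 0);
    $product    = wc_get_product($product_id);
    if (!$product) {
        wp_send_json_error(['message' => 'unknown product'], 404);
    }
    $product->set_stock_quantity($qty);
    $product->save();
    wp_send_json_success(['product_id' => $product_id, 'qty' => $qty]);
}
add_action('wp_ajax_sm_update_stock', 'sm_update_stock_hardened');

// The legitimate admin page must hand the nonce to its JavaScript; wp_localize_script()
// is the standard way. The script handle and file name are illustrative.
function sm_enqueue_admin_script(): void {
    wp_enqueue_script('sm-admin', plugins_url('admin.js', __FILE__), ['jquery'], '1.0', true);
    wp_localize_script('sm-admin', 'smAjax', [
        'url'   => admin_url('admin-ajax.php'),
        'nonce' => wp_create_nonce('sm_update_stock'),
    ]);
}
add_action('admin_enqueue_scripts', 'sm_enqueue_admin_script');
```

The nonce is the control that actually defeats CSRF: the attacker's page cannot read it cross-origin, so a forged request arrives without it and is rejected before any WooCommerce call runs. The capability check is a separate defence against the plugin being reachable by low-privilege accounts, and the POST requirement removes the link-click vector that SameSite=Lax cookies do not block.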
CVE-2026-24365 was publicly disclosed on 2026-01-22. There are currently no known public proof-of-concept exploits available. The vulnerability is not listed on the CISA KEV catalog at the time of writing. The medium CVSS score reflects the potential for impact combined with the requirement for user interaction to trigger the vulnerability.
Any store running Stock Manager for WooCommerce 0.0.0 through 3.6.0 is affected. The practical exposure is concentrated in accounts with the administrator or shop manager role whose owners browse other sites while logged in to wp-admin, since a forged request is only honoured together with their session cookie. Sharing a server with other WordPress sites does not by itself widen the exposure of a CSRF flaw, but it does multiply the number of installations that must be inventoried and patched. Stores whose purchasing or fulfilment is driven automatically from the plugin's stock figures have the most to lose, because altered counts may not be noticed until orders fail or overstock arrives.
Detection checks (the action name `stock_manager_settings` below is the advisory's; it has not been verified against the plugin source here):
• wordpress / composer / npm:
grep -r 'stock_manager_settings' /var/www/html/wp-content/plugins/
• generic web:
curl -sI 'https://your-wordpress-site.com/wp-admin/admin-ajax.php?action=stock_manager_settings&nonce=malicious_nonce' | grep -i '^HTTP/.* 200'
(The URL must be quoted, otherwise the shell treats the `&` as a background operator. A 200 on a HEAD request only shows the endpoint answers; it says nothing about the nonce check. The meaningful test is to send the action as POST with a valid session cookie and a wrong or missing nonce: a handler protected by check_ajax_referer() replies 403 with body "-1", an unprotected one processes the request. Presence of the string in the plugin directory likewise confirms only that the plugin is installed, not which version.)
Disclosure
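A version check that does not depend on the action name, added here as an example and not part of the advisory or the plugin: it reads the plugin header the way WordPress's get_file_data() does (first 8 KiB, a `Version:` header line in the file that also carries `Plugin Name:`) and compares against 3.6.1 with version_compare(). The fixed version and the slug `woocommerce-stock-manager` come from the advisory's metadata; the default plugins path is an assumption.

```php
<?php
// check-stock-manager.php: added example, not part of the advisory or the plugin.
// Usage: php check-stock-manager.php /var/www/html/wp-content/plugins
// Exit code 1 = affected version installed, 2 = installed but unreadable, 0 otherwise.

const FIXED_VERSION = '3.6.1';                 // from the advisory's "Fixed in" field
const PLUGIN_SLUG   = 'woocommerce-stock-manager'; // from the advisory's component field

/** Return one plugin header field or null, reading at most 8 KiB like WordPress does. */
function read_plugin_header(string $file, string $field): ?string {
    $head = file_get_contents($file, false, null, 0, 8192);
    if ($head === false) {
        return null;
    }
    // Same shape as the core header regex: optional comment punctuation, field, colon, value.
    if (preg_match('/^[ \t\/*#@]*' . preg_quote($field, '/') . ':(.*)$/mi', $head, $m)) {
        // Strip a trailing "*/" or "?>" the way _cleanup_header_comment() does.
        return trim(preg_replace('/\s*(?:\*\/|\?>).*/', '', $m[1]));
    }
    return null;
}

/** Locate the main plugin file (the one with "Plugin Name:") and return its Version header. */
function installed_version(string $plugin_dir): ?string {
    foreach (glob(rtrim($plugin_dir, '/') . '/*.php') ?: [] as $file) {
        if (read_plugin_header($file, 'Plugin Name') !== null) {
            return read_plugin_header($file, 'Version');
        }
    }
    return null;
}

/** True when $version is older than the fixed release; version_compare treats 3.6 and 3.6.0 alike. */
function is_affected(string $version): bool {
    return version_compare($version, FIXED_VERSION, '<');
}

$plugins_root = $argv[1] ?? '/var/www/html/wp-content/plugins'; // assumed default path
$dir = rtrim($plugins_root, '/') . '/' . PLUGIN_SLUG;
if (!is_dir($dir)) {
    echo PLUGIN_SLUG, ": not installed under $plugins_root\n";
    exit(0);
}
$version = installed_version($dir);
if ($version === null) {
    echo PLUGIN_SLUG, ": installed but no Version header found, inspect manually\n";
    exit(2);
}
$affected = is_affected($version);
echo PLUGIN_SLUG, ' ', $version, ': ',
     $affected ? 'AFFECTED, upgrade to ' . FIXED_VERSION : 'not affected', "\n";
exit($affected ? 1 : 0);
```

Where WP-CLI is available, `wp plugin get woocommerce-stock-manager --field=version` gives the same figure from WordPress's own registry; the script above is for hosts where only filesystem access exists, and its non-zero exit code makes it usable from a fleet-wide loop over document roots.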
Exploit status
EPSS
0.02% (4th percentile)
CISA SSVC
CVSS vector
The primary mitigation for CVE-2026-24365 is to upgrade the Stock Manager for WooCommerce plugin to version 3.6.1 or later. If upgrading must wait for compatibility testing, a Web Application Firewall rule that rejects requests to the plugin's admin-ajax.php actions whose Origin or Referer header is not your own site blunts cross-site requests, but only as a stopgap: Referer can be absent, and a WAF rule does not replace a nonce check in the code. Strong passwords and multi-factor authentication are sound hygiene but do not stop CSRF, which rides an already authenticated session; what does reduce exposure is keeping the set of accounts with administrator or shop manager rights small and having those users log out of wp-admin before browsing elsewhere. Review the web server access log for requests to wp-admin/admin-ajax.php with a foreign or missing Referer, and reconcile stock levels against a known-good export if the site was exposed.
Update to version 3.6.1, or a newer patched version
CVE-2026-24365 is a Cross-Site Request Forgery (CSRF) vulnerability affecting Stock Manager for WooCommerce versions 0.0.0–3.6.0, allowing an attacker to have a logged-in user's browser perform unauthorized actions on that user's behalf.
You are affected if you are using Stock Manager for WooCommerce versions 0.0.0 through 3.6.0. Upgrade to 3.6.1 to mitigate the risk.
Upgrade Stock Manager for WooCommerce to version 3.6.1 or later. Consider WAF rules as a temporary workaround if an immediate upgrade is not possible.
There are currently no confirmed reports of active exploitation, but the vulnerability is publicly known.
Refer to the Stock Manager for WooCommerce plugin documentation and website for the latest security advisories and updates.