The PPOM for WooCommerce WordPress plugin before 24.0 does not have authorisation and CSRF checks in the ppom_settings_panel_action AJAX action, allowing any authenticated to call it and set arbitrary settings. Furthermore, due to the lack of sanitisation and escaping, it could lead to Stored XSS issues
[
{
"product": "PPOM for WooCommerce",
"vendor": "Unknown",
"versions": [
{
"lessThan": "24.0",
"status": "affected",
"version": "24.0",
"versionType": "custom"
}
]
}
]