7.1

CVE-2022-3154

Exploit

Multiple Plugins from Viszt Peter - Multiple CSRF

Multiple Plugins from Viszt Peter - Cross-Site Request Forgery

The Woo Billingo Plus WordPress plugin before 4.4.5.4, Integration for Billingo & Gravity Forms WordPress plugin before 1.0.4, Integration for Szamlazz.hu & Gravity Forms WordPress plugin before 1.2.7 are lacking CSRF checks in various AJAX actions, which could allow attackers to make logged in Shop Managers and above perform unwanted actions, such as deactivate the plugin's license
Mögliche Gegenmaßnahme
Integration for Billingo & Gravity Forms: Update to version 1.0.4, or a newer patched version
Integration for Szamlazz.hu & Gravity Forms: Update to version 1.2.7, or a newer patched version
Billingo Plus integráció WooCommerce-hez: Update to version 4.4.5.4, or a newer patched version
Daten sind bereitgestellt durch National Vulnerability Database (NVD)
Woo Billingo Plus ProjectWoo Billingo Plus SwPlatformwordpress Version < 4.4.5.4
Weitere Schwachstelleninformationen
SystemWordPress Plugin
Produkt Integration for Billingo & Gravity Forms
Version *-1.0.3
SystemWordPress Plugin
Produkt Integration for Szamlazz.hu & Gravity Forms
Version *-1.2.6
SystemWordPress Plugin
Produkt Billingo Plus integráció WooCommerce-hez
Version *-4.4.5.3
Zu dieser CVE wurde keine Warnung gefunden.
EPSS Metriken
Typ Quelle Score Percentile
EPSS FIRST.org 0.34% 0.253
CVSS Metriken
Quelle Base Score Exploit Score Impact Score Vector String
nvd@nist.gov 7.1 2.8 4.2
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:H/A:L
CWE-352 Cross-Site Request Forgery (CSRF)

The web application does not, or can not, sufficiently verify whether a well-formed, valid, consistent request was intentionally provided by the user who submitted the request.

https://wpscan.com/vulnerability/cda978b2-b31f-495d-8601-0aaa3e4b45cd
Third Party Advisory
Exploit
https://www.wordfence.com/threat-intel/vulnerabilities/id/f70a2a58-d9b8-456d-ae4f-9c60b3d6b8a5
Third Party Advisory