9.8
CVE-2022-40700
- EPSS 0.73%
- Published 19.01.2024 15:15:08
- Last modified 21.11.2024 07:21:53
- Source audit@patchstack.com
CSSTidy - Server-Side Request Forgery
Server-Side Request Forgery (SSRF) vulnerability in Montonio Montonio for WooCommerce, Wpopal Wpopal Core Features, AMO for WP – Membership Management ArcStone wp-amo, Long Watch Studio WooVirtualWallet – A virtual wallet for WooCommerce, Long Watch Studio WooVIP – Membership plugin for WordPress and WooCommerce, Long Watch Studio WooSupply – Suppliers, Supply Orders and Stock Management, Squidesma Theme Minifier, Paul Clark Styles styles, Designmodo Inc. WordPress Page Builder – Qards, Philip M. Hofer (Frumph) PHPFreeChat, Arun Basil Lal Custom Login Admin Front-end CSS, Team Agence-Press CSS Adder By Agence-Press, Unihost Confirm Data, deano1987 AMP Toolbox amp-toolbox, Arun Basil Lal Admin CSS MU. This issue affects Montonio for WooCommerce: from n/a through 6.0.1; Wpopal Core Features: from n/a through 1.5.8; ArcStone: from n/a through 4.6.6; WooVirtualWallet – A virtual wallet for WooCommerce: from n/a through 2.2.1; WooVIP – Membership plugin for WordPress and WooCommerce: from n/a through 1.4.4; WooSupply – Suppliers, Supply Orders and Stock Management: from n/a through 1.2.2; Theme Minifier: from n/a through 2.0; Styles: from n/a through 1.2.3; WordPress Page Builder – Qards: from n/a through 1.0.5; PHPFreeChat: from n/a through 0.2.8; Custom Login Admin Front-end CSS: from n/a through 1.4.1; CSS Adder By Agence-Press: from n/a through 1.5.0; Confirm Data: from n/a through 1.0.7; AMP Toolbox: from n/a through 2.1.1; Admin CSS MU: from n/a through 2.6.
Possible countermeasure
Admin CSS MU: Update to version 2.7, or a newer patched version
AMP Toolbox: No known patch available. Please review the vulnerability's details in depth and employ mitigations based on your organization's risk tolerance. It may be best to uninstall the affected software and find a replacement.
Confirm Data: No known patch available. Please review the vulnerability's details in depth and employ mitigations based on your organization's risk tolerance. It may be best to uninstall the affected software and find a replacement.
CSS Adder By Agence-Press: No known patch available. Please review the vulnerability's details in depth and employ mitigations based on your organization's risk tolerance. It may be best to uninstall the affected software and find a replacement.
Custom Login Admin Front-end CSS: Update to version 1.5, or a newer patched version
phpfreechat: No known patch available. Please review the vulnerability's details in depth and employ mitigations based on your organization's risk tolerance. It may be best to uninstall the affected software and find a replacement.
WordPress Page Builder – Qards: No known patch available. Please review the vulnerability's details in depth and employ mitigations based on your organization's risk tolerance. It may be best to uninstall the affected software and find a replacement.
Styles: No known patch available. Please review the vulnerability's details in depth and employ mitigations based on your organization's risk tolerance. It may be best to uninstall the affected software and find a replacement.
Theme Minifier: No known patch available. Please review the vulnerability's details in depth and employ mitigations based on your organization's risk tolerance. It may be best to uninstall the affected software and find a replacement.
WooSupply – Suppliers, Supply Orders and Stock Management: No known patch available. Please review the vulnerability's details in depth and employ mitigations based on your organization's risk tolerance. It may be best to uninstall the affected software and find a replacement.
WooVIP – Membership plugin for WordPress and WooCommerce: No known patch available. Please review the vulnerability's details in depth and employ mitigations based on your organization's risk tolerance. It may be best to uninstall the affected software and find a replacement.
WooVirtualWallet – A virtual wallet for WooCommerce: No known patch available. Please review the vulnerability's details in depth and employ mitigations based on your organization's risk tolerance. It may be best to uninstall the affected software and find a replacement.
AMO for WP – Membership Management: No known patch available. Please review the vulnerability's details in depth and employ mitigations based on your organization's risk tolerance. It may be best to uninstall the affected software and find a replacement.
Wpopal Core Features: No known patch available. Please review the vulnerability's details in depth and employ mitigations based on your organization's risk tolerance. It may be best to uninstall the affected software and find a replacement.
Further vulnerability information

| System | Product | Version |
|---|---|---|
| WordPress Plugin | Admin CSS MU | * - 2.6 |
| WordPress Plugin | AMP Toolbox | * - 2.1.1 |
| WordPress Plugin | Confirm Data | * - 1.0.7 |
| WordPress Plugin | CSS Adder By Agence-Press | * - 1.5.0 |
| WordPress Plugin | Custom Login Admin Front-end CSS | * - 1.4.1 |
| WordPress Plugin | phpfreechat | * - 2.0.8 |
| WordPress Plugin | WordPress Page Builder – Qards | * - 1.0.5 |
| WordPress Plugin | Styles | * - 1.2.3 |
| WordPress Plugin | Theme Minifier | * - 2.0 |
| WordPress Plugin | WooSupply – Suppliers, Supply Orders and Stock Management | * - 1.2.2 |
| WordPress Plugin | WooVIP – Membership plugin for WordPress and WooCommerce | * - 1.4.4 |
| WordPress Plugin | WooVirtualWallet – A virtual wallet for WooCommerce | * - 2.2.1 |
| WordPress Plugin | AMO for WP – Membership Management | * - 4.6.6 |
| WordPress Plugin | Wpopal Core Features | * - 1.5.7 |
Data provided by the National Vulnerability Database (NVD)

| Vendor | Product | SwPlatform | Version |
|---|---|---|---|
| Millionclues | Admin Css Mu | wordpress | <= 2.6 |
| Deano | Amp Toolbox | wordpress | <= 2.1.1 |
| Unihost | Confirm Data | wordpress | <= 1.0.7 |
| Agence-press | Css Adder | wordpress | <= 1.5.0 |
| Millionclues | Custom Login Admin Front-end Css | wordpress | <= 1.4.1 |
| Montonio | Montonio For Woocommerce | wordpress | <= 6.0.1 |
| Frumph | Phpfreechat | wordpress | <= 0.2.8 |
| Designmodo | Qards | wordpress | <= 1.0.5 |
| Squidesma | Theme Minifier | wordpress | <= 2.0 |
| Longwatchstudio | Woosupply | wordpress | <= 1.2.2 |
| Longwatchstudio | Woovip | wordpress | <= 1.4.4 |
| Longwatchstudio | Woovirtualwallet | wordpress | <= 2.2.1 |
| Arcstone | Amo For Wp - Membership Management | wordpress | <= 4.6.6 |
| Wpopal | Wpopal Core Features | wordpress | <= 1.5.8 |
| Type | Source | Score | Percentile |
|---|---|---|---|
| EPSS | FIRST.org | 0.73% | 0.72 |

| Source | Base Score | Exploit Score | Impact Score | Vector String |
|---|---|---|---|---|
| nvd@nist.gov | 9.8 | 3.9 | 5.9 | CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H |
| audit@patchstack.com | 8.2 | 3.9 | 4.2 | CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:L/A:N |

CWE-918 Server-Side Request Forgery (SSRF)
The web server receives a URL or similar request from an upstream component and retrieves the contents of this URL, but it does not sufficiently ensure that the request is being sent to the expected destination.