9.8
CVE-2022-40700
- EPSS 0.73%
- Published 19.01.2024 15:15:08
- Last modified 21.11.2024 07:21:53
- Source audit@patchstack.com
Server-Side Request Forgery (SSRF) vulnerability in Montonio Montonio for WooCommerce, Wpopal Wpopal Core Features, AMO for WP – Membership Management ArcStone wp-amo, Long Watch Studio WooVirtualWallet – A virtual wallet for WooCommerce, Long Watch Studio WooVIP – Membership plugin for WordPress and WooCommerce, Long Watch Studio WooSupply – Suppliers, Supply Orders and Stock Management, Squidesma Theme Minifier, Paul Clark Styles styles, Designmodo Inc. WordPress Page Builder – Qards, Philip M. Hofer (Frumph) PHPFreeChat, Arun Basil Lal Custom Login Admin Front-end CSS, Team Agence-Press CSS Adder By Agence-Press, Unihost Confirm Data, deano1987 AMP Toolbox amp-toolbox, Arun Basil Lal Admin CSS MU.
This issue affects:
- Montonio for WooCommerce: from n/a through 6.0.1
- Wpopal Core Features: from n/a through 1.5.8
- ArcStone: from n/a through 4.6.6
- WooVirtualWallet – A virtual wallet for WooCommerce: from n/a through 2.2.1
- WooVIP – Membership plugin for WordPress and WooCommerce: from n/a through 1.4.4
- WooSupply – Suppliers, Supply Orders and Stock Management: from n/a through 1.2.2
- Theme Minifier: from n/a through 2.0
- Styles: from n/a through 1.2.3
- WordPress Page Builder – Qards: from n/a through 1.0.5
- PHPFreeChat: from n/a through 0.2.8
- Custom Login Admin Front-end CSS: from n/a through 1.4.1
- CSS Adder By Agence-Press: from n/a through 1.5.0
- Confirm Data: from n/a through 1.0.7
- AMP Toolbox: from n/a through 2.1.1
- Admin CSS MU: from n/a through 2.6
Data is provided by the National Vulnerability Database (NVD)
Vendor ≫ Product | SwPlatform | Version |
---|---|---|
Millionclues ≫ Admin Css Mu | wordpress | <= 2.6 |
Deano ≫ Amp Toolbox | wordpress | <= 2.1.1 |
Unihost ≫ Confirm Data | wordpress | <= 1.0.7 |
Agence-press ≫ Css Adder | wordpress | <= 1.5.0 |
Millionclues ≫ Custom Login Admin Front-end Css | wordpress | <= 1.4.1 |
Montonio ≫ Montonio For Woocommerce | wordpress | <= 6.0.1 |
Frumph ≫ Phpfreechat | wordpress | <= 0.2.8 |
Designmodo ≫ Qards | wordpress | <= 1.0.5 |
Squidesma ≫ Theme Minifier | wordpress | <= 2.0 |
Longwatchstudio ≫ Woosupply | wordpress | <= 1.2.2 |
Longwatchstudio ≫ Woovip | wordpress | <= 1.4.4 |
Longwatchstudio ≫ Woovirtualwallet | wordpress | <= 2.2.1 |
Arcstone ≫ Amo For Wp - Membership Management | wordpress | <= 4.6.6 |
Wpopal ≫ Wpopal Core Features | wordpress | <= 1.5.8 |
No CISA KEV or CERT.AT warning was found for this CVE.
Type | Source | Score | Percentile |
---|---|---|---|
EPSS | FIRST.org | 0.73% | 0.717 |
Source | Base Score | Exploit Score | Impact Score | Vector string |
---|---|---|---|---|
nvd@nist.gov | 9.8 | 3.9 | 5.9 | CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H |
audit@patchstack.com | 8.2 | 3.9 | 4.2 | CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:L/A:N |
CWE-918 Server-Side Request Forgery (SSRF)
The web server receives a URL or similar request from an upstream component and retrieves the contents of this URL, but it does not sufficiently ensure that the request is being sent to the expected destination.