CVE-2022-4888

Exploit

EPSS 0.32%
Veröffentlicht 31.07.2023 10:15:09
Zuletzt bearbeitet 21.11.2024 07:36:08
Quelle contact@wpscan.com
CVE-Watchlists
Login
Unerledigt
Login

Multiple Addify Plugins <= (Various Versions) - Cross-Site Request Forgery

The Checkout Fields Manager WordPress plugin before 1.0.2, Abandoned Cart Recovery WordPress plugin before 1.2.5, Custom Fields for WooCommerce WordPress plugin before 1.0.4, Custom Order Number WordPress plugin through 1.0.1, Custom Registration Forms Builder WordPress plugin before 1.0.2, Advanced Free Gifts WordPress plugin before 1.0.2, Gift Registry for WooCommerce WordPress plugin through 1.0.1, Image Watermark for WooCommerce WordPress plugin before 1.0.1, Order Approval for WooCommerce WordPress plugin before 1.1.0, Order Tracking for WooCommerce WordPress plugin before 1.0.2, Price Calculator for WooCommerce WordPress plugin through 1.0.3, Product Dynamic Pricing and Discounts WordPress plugin through 1.0.6, Product Labels and Stickers WordPress plugin through 1.0.1 have flawed CSRF checks in various places, which could allow attackers to make logged in users perform unwanted actions

Mögliche Gegenmaßnahme

WooCommerce Abandoned Cart Recovery: Update to version 1.2.5, or a newer patched version

WooCommerce Checkout Field Manager: Update to version 1.0.2, or a newer patched version

Custom Fields for WooCommerce: Update to version 1.0.4, or a newer patched version

WooCommerce Custom Order Number: No known patch available. Please review the vulnerability's details in depth and employ mitigations based on your organization's risk tolerance. It may be best to uninstall the affected software and find a replacement.

Custom Registration Forms Builder for WooCommerce: Update to version 1.0.2, or a newer patched version

WooCommerce Advanced Free Gifts: Update to version 1.0.2, or a newer patched version

WooCommerce Gift Registry: No known patch available. Please review the vulnerability's details in depth and employ mitigations based on your organization's risk tolerance. It may be best to uninstall the affected software and find a replacement.

Image Watermark for WooCommerce: Update to version 1.0.1, or a newer patched version

WooCommerce Order Approval: Update to version 1.1.0, or a newer patched version

WooCommerce Order Tracking: Update to version 1.0.2, or a newer patched version

Price Calculator for WooCommerce: No known patch available. Please review the vulnerability's details in depth and employ mitigations based on your organization's risk tolerance. It may be best to uninstall the affected software and find a replacement.

Product Dynamic Pricing and Discounts for WooCommerce: No known patch available. Please review the vulnerability's details in depth and employ mitigations based on your organization's risk tolerance. It may be best to uninstall the affected software and find a replacement.

WooCommerce Product Labels and Stickets: No known patch available. Please review the vulnerability's details in depth and employ mitigations based on your organization's risk tolerance. It may be best to uninstall the affected software and find a replacement.

Betroffene Produkte Warnungen 0 Metriken 3 CWE 0 Referenzen 5

Weitere Schwachstelleninformationen

SystemWordPress Plugin

≫

Produkt WooCommerce Abandoned Cart Recovery

Version [*, 1.2.5)

SystemWordPress Plugin

≫

Produkt WooCommerce Checkout Field Manager

Version [*, 1.0.2)

SystemWordPress Plugin

≫

Produkt Custom Fields for WooCommerce

Version [*, 1.0.4)

SystemWordPress Plugin

≫

Produkt WooCommerce Custom Order Number

Version *

SystemWordPress Plugin

≫

Produkt Custom Registration Forms Builder for WooCommerce

Version [*, 1.0.2)

SystemWordPress Plugin

≫

Produkt WooCommerce Advanced Free Gifts

Version [*, 1.0.2)

SystemWordPress Plugin

≫

Produkt WooCommerce Gift Registry

Version *

SystemWordPress Plugin

≫

Produkt Image Watermark for WooCommerce

Version [*, 1.0.1)

SystemWordPress Plugin

≫

Produkt WooCommerce Order Approval

Version [*, 1.1.0)

SystemWordPress Plugin

≫

Produkt WooCommerce Order Tracking

Version [*, 1.0.2)

SystemWordPress Plugin

≫

Produkt Price Calculator for WooCommerce

Version *

SystemWordPress Plugin

≫

Produkt Product Dynamic Pricing and Discounts for WooCommerce

Version *

SystemWordPress Plugin

≫

Produkt WooCommerce Product Labels and Stickets

Version *

Daten sind bereitgestellt durch National Vulnerability Database (NVD)

Addify ≫ Abandoned Cart Recovery SwPlatformwordpress Version < 1.2.5

Addify ≫ Advanced Free Gifts SwPlatformwordpress Version < 1.0.2

Addify ≫ Checkout Fields Manager SwPlatformwordpress Version < 1.0.2

Addify ≫ Custom Fields For Woocommerce SwPlatformwordpress Version < 1.0.4

Addify ≫ Custom Order Number SwPlatformwordpress Version <= 1.0.1

Addify ≫ Custom Registration Forms Builder SwPlatformwordpress Version < 1.0.2

Addify ≫ Gift Registry For Woocommerce SwPlatformwordpress Version <= 1.0.1

Addify ≫ Image Watermark For Woocommerce SwPlatformwordpress Version <= 1.0.1

Addify ≫ Order Approval For Woocommerce SwPlatformwordpress Version < 1.1.0

Addify ≫ Order Tracking For Woocommerce SwPlatformwordpress Version < 1.0.2

Zu dieser CVE wurde keine CISA KEV oder CERT.AT-Warnung gefunden.

EPSS Metriken
Typ	Quelle	Score	Percentile
EPSS	FIRST.org	0.32%	0.542

CVSS Metriken
Quelle	Base Score	Exploit Score	Impact Score	Vector String
nvd@nist.gov	6.5	2.8	3.6	CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:H/A:N
134c704f-9b21-4f2e-91b3-4a467353bcc0	6.5	2.8	3.6	CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:H/A:N

https://wpscan.com/vulnerability/2c2379d0-e373-4587-a747-429d7ee8f6cc

Third Party Advisory

Exploit

https://www.wordfence.com/threat-intel/vulnerabilities/id/c8065d25-2ded-4021-a53d-204242db0915

Third Party Advisory

https://nvd.nist.gov/vuln/detail/CVE-2022-4888

CVE Source (NVD)

https://cveawg.mitre.org/api/cve/CVE-2022-4888

CVE Source (JSON)

https://euvd.enisa.europa.eu/vulnerability/CVE-2022-4888

EUVD