Search criteria
2 vulnerabilities found for Integration for Szamlazz.hu & Gravity Forms by TODO
CVE-2022-3154 (GCVE-0-2022-3154)
Vulnerability from cvelistv5 – Published: 2022-10-10 00:00 – Updated: 2024-08-03 01:00
VLAI?
Title
Multiple Plugins from Viszt Peter - Multiple CSRF
Summary
The Woo Billingo Plus WordPress plugin before 4.4.5.4, Integration for Billingo & Gravity Forms WordPress plugin before 1.0.4, Integration for Szamlazz.hu & Gravity Forms WordPress plugin before 1.2.7 are lacking CSRF checks in various AJAX actions, which could allow attackers to make logged in Shop Managers and above perform unwanted actions, such as deactivate the plugin's license
Severity ?
No CVSS data available.
CWE
- CWE-352 - Cross-Site Request Forgery (CSRF)
Assigner
References
Impacted products
| Vendor | Product | Version | ||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
| TODO | Woo Billingo Plus |
Affected:
4.4.5.4 , < 4.4.5.4
(custom)
|
||||||||||||
|
||||||||||||||
Credits
Lana Codes
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-03T01:00:10.538Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_transferred"
],
"url": "https://wpscan.com/vulnerability/cda978b2-b31f-495d-8601-0aaa3e4b45cd"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "Woo Billingo Plus",
"vendor": "TODO",
"versions": [
{
"lessThan": "4.4.5.4",
"status": "affected",
"version": "4.4.5.4",
"versionType": "custom"
}
]
},
{
"product": "Integration for Billingo \u0026 Gravity Forms",
"vendor": "TODO",
"versions": [
{
"lessThan": "1.0.4",
"status": "affected",
"version": "1.0.4",
"versionType": "custom"
}
]
},
{
"product": "Integration for Szamlazz.hu \u0026 Gravity Forms",
"vendor": "TODO",
"versions": [
{
"lessThan": "1.2.7",
"status": "affected",
"version": "1.2.7",
"versionType": "custom"
}
]
}
],
"credits": [
{
"lang": "en",
"value": "Lana Codes"
}
],
"descriptions": [
{
"lang": "en",
"value": "The Woo Billingo Plus WordPress plugin before 4.4.5.4, Integration for Billingo \u0026 Gravity Forms WordPress plugin before 1.0.4, Integration for Szamlazz.hu \u0026 Gravity Forms WordPress plugin before 1.2.7 are lacking CSRF checks in various AJAX actions, which could allow attackers to make logged in Shop Managers and above perform unwanted actions, such as deactivate the plugin\u0027s license"
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-352",
"description": "CWE-352 Cross-Site Request Forgery (CSRF)",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2022-10-10T00:00:00",
"orgId": "1bfdd5d7-9bf6-4a53-96ea-42e2716d7a81",
"shortName": "WPScan"
},
"references": [
{
"url": "https://wpscan.com/vulnerability/cda978b2-b31f-495d-8601-0aaa3e4b45cd"
}
],
"source": {
"discovery": "EXTERNAL"
},
"title": "Multiple Plugins from Viszt Peter - Multiple CSRF",
"x_generator": "WPScan CVE Generator"
}
},
"cveMetadata": {
"assignerOrgId": "1bfdd5d7-9bf6-4a53-96ea-42e2716d7a81",
"assignerShortName": "WPScan",
"cveId": "CVE-2022-3154",
"datePublished": "2022-10-10T00:00:00",
"dateReserved": "2022-09-07T00:00:00",
"dateUpdated": "2024-08-03T01:00:10.538Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2022-3154 (GCVE-0-2022-3154)
Vulnerability from nvd – Published: 2022-10-10 00:00 – Updated: 2024-08-03 01:00
VLAI?
Title
Multiple Plugins from Viszt Peter - Multiple CSRF
Summary
The Woo Billingo Plus WordPress plugin before 4.4.5.4, Integration for Billingo & Gravity Forms WordPress plugin before 1.0.4, Integration for Szamlazz.hu & Gravity Forms WordPress plugin before 1.2.7 are lacking CSRF checks in various AJAX actions, which could allow attackers to make logged in Shop Managers and above perform unwanted actions, such as deactivate the plugin's license
Severity ?
No CVSS data available.
CWE
- CWE-352 - Cross-Site Request Forgery (CSRF)
Assigner
References
Impacted products
| Vendor | Product | Version | ||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
| TODO | Woo Billingo Plus |
Affected:
4.4.5.4 , < 4.4.5.4
(custom)
|
||||||||||||
|
||||||||||||||
Credits
Lana Codes
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-03T01:00:10.538Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_transferred"
],
"url": "https://wpscan.com/vulnerability/cda978b2-b31f-495d-8601-0aaa3e4b45cd"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "Woo Billingo Plus",
"vendor": "TODO",
"versions": [
{
"lessThan": "4.4.5.4",
"status": "affected",
"version": "4.4.5.4",
"versionType": "custom"
}
]
},
{
"product": "Integration for Billingo \u0026 Gravity Forms",
"vendor": "TODO",
"versions": [
{
"lessThan": "1.0.4",
"status": "affected",
"version": "1.0.4",
"versionType": "custom"
}
]
},
{
"product": "Integration for Szamlazz.hu \u0026 Gravity Forms",
"vendor": "TODO",
"versions": [
{
"lessThan": "1.2.7",
"status": "affected",
"version": "1.2.7",
"versionType": "custom"
}
]
}
],
"credits": [
{
"lang": "en",
"value": "Lana Codes"
}
],
"descriptions": [
{
"lang": "en",
"value": "The Woo Billingo Plus WordPress plugin before 4.4.5.4, Integration for Billingo \u0026 Gravity Forms WordPress plugin before 1.0.4, Integration for Szamlazz.hu \u0026 Gravity Forms WordPress plugin before 1.2.7 are lacking CSRF checks in various AJAX actions, which could allow attackers to make logged in Shop Managers and above perform unwanted actions, such as deactivate the plugin\u0027s license"
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-352",
"description": "CWE-352 Cross-Site Request Forgery (CSRF)",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2022-10-10T00:00:00",
"orgId": "1bfdd5d7-9bf6-4a53-96ea-42e2716d7a81",
"shortName": "WPScan"
},
"references": [
{
"url": "https://wpscan.com/vulnerability/cda978b2-b31f-495d-8601-0aaa3e4b45cd"
}
],
"source": {
"discovery": "EXTERNAL"
},
"title": "Multiple Plugins from Viszt Peter - Multiple CSRF",
"x_generator": "WPScan CVE Generator"
}
},
"cveMetadata": {
"assignerOrgId": "1bfdd5d7-9bf6-4a53-96ea-42e2716d7a81",
"assignerShortName": "WPScan",
"cveId": "CVE-2022-3154",
"datePublished": "2022-10-10T00:00:00",
"dateReserved": "2022-09-07T00:00:00",
"dateUpdated": "2024-08-03T01:00:10.538Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}