cvelistv5 - CVE-2022-40700

CVE-2022-40700 (GCVE-0-2022-40700)

Vulnerability from cvelistv5 – Published: 2024-01-19 14:30 – Updated: 2024-11-13 17:40

Summary

Server-Side Request Forgery (SSRF) vulnerability in Montonio Montonio for WooCommerce, Wpopal Wpopal Core Features, AMO for WP – Membership Management ArcStone wp-amo, Long Watch Studio WooVirtualWallet – A virtual wallet for WooCommerce, Long Watch Studio WooVIP – Membership plugin for WordPress and WooCommerce, Long Watch Studio WooSupply – Suppliers, Supply Orders and Stock Management, Squidesma Theme Minifier, Paul Clark Styles styles, Designmodo Inc. WordPress Page Builder – Qards, Philip M. Hofer (Frumph) PHPFreeChat, Arun Basil Lal Custom Login Admin Front-end CSS, Team Agence-Press CSS Adder By Agence-Press, Unihost Confirm Data, deano1987 AMP Toolbox amp-toolbox, Arun Basil Lal Admin CSS MU.This issue affects Montonio for WooCommerce: from n/a through 6.0.1; Wpopal Core Features: from n/a through 1.5.8; ArcStone: from n/a through 4.6.6; WooVirtualWallet – A virtual wallet for WooCommerce: from n/a through 2.2.1; WooVIP – Membership plugin for WordPress and WooCommerce: from n/a through 1.4.4; WooSupply – Suppliers, Supply Orders and Stock Management: from n/a through 1.2.2; Theme Minifier: from n/a through 2.0; Styles: from n/a through 1.2.3; WordPress Page Builder – Qards: from n/a through 1.0.5; PHPFreeChat: from n/a through 0.2.8; Custom Login Admin Front-end CSS: from n/a through 1.4.1; CSS Adder By Agence-Press: from n/a through 1.5.0; Confirm Data: from n/a through 1.0.7; AMP Toolbox: from n/a through 2.1.1; Admin CSS MU: from n/a through 2.6.

Severity ?

8.2 (High)


                        
                          CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:L/A:N

CWE

CWE-918 - Server-Side Request Forgery (SSRF)

Assigner

Patchstack

References

URL

Tags

	https://patchstack.com/database/vulnerability/mon…	vdb-entry
	https://patchstack.com/database/vulnerability/wpo…	vdb-entry
	https://patchstack.com/database/vulnerability/wp-…	vdb-entry
	https://patchstack.com/database/vulnerability/woo…	vdb-entry
	https://patchstack.com/database/vulnerability/woo…	vdb-entry
	https://patchstack.com/database/vulnerability/woo…	vdb-entry
	https://patchstack.com/database/vulnerability/the…	vdb-entry
	https://patchstack.com/database/vulnerability/sty…	vdb-entry
	https://patchstack.com/database/vulnerability/qar…	vdb-entry
	https://patchstack.com/database/vulnerability/php…	vdb-entry
	https://patchstack.com/database/vulnerability/cus…	vdb-entry
	https://patchstack.com/database/vulnerability/css…	vdb-entry
	https://patchstack.com/database/vulnerability/con…	vdb-entry
	https://patchstack.com/database/vulnerability/amp…	vdb-entry
	https://patchstack.com/database/vulnerability/adm…	vdb-entry

Impacted products

Vendor

Product

Version

Montonio

Montonio for WooCommerce

Affected: n/a , ≤ 6.0.1 (custom)

Wpopal	Wpopal Core Features	Affected: n/a , ≤ 1.5.8 (custom)
AMO for WP – Membership Management	ArcStone	Affected: n/a , ≤ 4.6.6 (custom)
Long Watch Studio	WooVirtualWallet – A virtual wallet for WooCommerce	Affected: n/a , ≤ 2.2.1 (custom)
Long Watch Studio	WooVIP – Membership plugin for WordPress and WooCommerce	Affected: n/a , ≤ 1.4.4 (custom)
Long Watch Studio	WooSupply – Suppliers, Supply Orders and Stock Management	Affected: n/a , ≤ 1.2.2 (custom)
Squidesma	Theme Minifier	Affected: n/a , ≤ 2.0 (custom)
Paul Clark	Styles	Affected: n/a , ≤ 1.2.3 (custom)
Designmodo Inc.	WordPress Page Builder – Qards	Affected: n/a , ≤ 1.0.5 (custom)
Philip M. Hofer (Frumph)	PHPFreeChat	Affected: n/a , ≤ 0.2.8 (custom)
Arun Basil Lal	Custom Login Admin Front-end CSS	Affected: n/a , ≤ 1.4.1 (custom)
Team Agence-Press	CSS Adder By Agence-Press	Affected: n/a , ≤ 1.5.0 (custom)
Unihost	Confirm Data	Affected: n/a , ≤ 1.0.7 (custom)
deano1987	AMP Toolbox	Affected: n/a , ≤ 2.1.1 (custom)
Arun Basil Lal	Admin CSS MU	Affected: n/a , ≤ 2.6 (custom)

Credits

Dave Jong (Patchstack)

Show details on NVD website

JSON

To clipboard

{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-03T12:21:46.616Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "tags": [
              "vdb-entry",
              "x_transferred"
            ],
            "url": "https://patchstack.com/database/vulnerability/montonio-for-woocommerce/wordpress-montonio-for-woocommerce-plugin-6-0-1-server-side-request-forgery-ssrf?_s_id=cve"
          },
          {
            "tags": [
              "vdb-entry",
              "x_transferred"
            ],
            "url": "https://patchstack.com/database/vulnerability/wpopal-core-features/wordpress-wpopal-core-features-plugin-1-5-7-server-side-request-forgery-ssrf?_s_id=cve"
          },
          {
            "tags": [
              "vdb-entry",
              "x_transferred"
            ],
            "url": "https://patchstack.com/database/vulnerability/wp-amo/wordpress-amo-for-wp-plugin-4-6-6-server-side-request-forgery-ssrf?_s_id=cve"
          },
          {
            "tags": [
              "vdb-entry",
              "x_transferred"
            ],
            "url": "https://patchstack.com/database/vulnerability/woovirtualwallet/wordpress-woovirtualwallet-plugin-2-2-1-server-side-request-forgery-ssrf?_s_id=cve"
          },
          {
            "tags": [
              "vdb-entry",
              "x_transferred"
            ],
            "url": "https://patchstack.com/database/vulnerability/woovip/wordpress-woovip-plugin-1-4-4-server-side-request-forgery-ssrf?_s_id=cve"
          },
          {
            "tags": [
              "vdb-entry",
              "x_transferred"
            ],
            "url": "https://patchstack.com/database/vulnerability/woosupply/wordpress-woosupply-plugin-1-2-2-server-side-request-forgery-ssrf?_s_id=cve"
          },
          {
            "tags": [
              "vdb-entry",
              "x_transferred"
            ],
            "url": "https://patchstack.com/database/vulnerability/theme-minifier/wordpress-theme-minifier-plugin-2-0-server-side-request-forgery-ssrf?_s_id=cve"
          },
          {
            "tags": [
              "vdb-entry",
              "x_transferred"
            ],
            "url": "https://patchstack.com/database/vulnerability/styles/wordpress-styles-plugin-1-2-3-server-side-request-forgery-ssrf?_s_id=cve"
          },
          {
            "tags": [
              "vdb-entry",
              "x_transferred"
            ],
            "url": "https://patchstack.com/database/vulnerability/qards-free/wordpress-wordpress-page-builder-qards-plugin-1-0-5-server-side-request-forgery-ssrf?_s_id=cve"
          },
          {
            "tags": [
              "vdb-entry",
              "x_transferred"
            ],
            "url": "https://patchstack.com/database/vulnerability/phpfreechat/wordpress-phpfreechat-plugin-0-2-8-server-side-request-forgery-ssrf?_s_id=cve"
          },
          {
            "tags": [
              "vdb-entry",
              "x_transferred"
            ],
            "url": "https://patchstack.com/database/vulnerability/custom-login-admin-front-end-css-with-multisite-support/wordpress-custom-login-admin-front-end-css-plugin-1-4-1-server-side-request-forgery-ssrf?_s_id=cve"
          },
          {
            "tags": [
              "vdb-entry",
              "x_transferred"
            ],
            "url": "https://patchstack.com/database/vulnerability/css-adder-by-agence-press/wordpress-css-adder-by-agene-press-plugin-1-5-0-server-side-request-forgery-ssrf?_s_id=cve"
          },
          {
            "tags": [
              "vdb-entry",
              "x_transferred"
            ],
            "url": "https://patchstack.com/database/vulnerability/confirm-data/wordpress-confirm-data-plugin-1-0-7-unauth-server-side-request-forgery-ssrf-vulnerability?_s_id=cve"
          },
          {
            "tags": [
              "vdb-entry",
              "x_transferred"
            ],
            "url": "https://patchstack.com/database/vulnerability/amp-toolbox/wordpress-amp-toolbox-plugin-2-1-1-server-side-request-forgery-ssrf?_s_id=cve"
          },
          {
            "tags": [
              "vdb-entry",
              "x_transferred"
            ],
            "url": "https://patchstack.com/database/vulnerability/admin-css-mu/wordpress-admin-css-mu-plugin-2-6-server-side-request-forgery-ssrf-vulnerability?_s_id=cve"
          }
        ],
        "title": "CVE Program Container"
      },
      {
        "metrics": [
          {
            "other": {
              "content": {
                "id": "CVE-2022-40700",
                "options": [
                  {
                    "Exploitation": "none"
                  },
                  {
                    "Automatable": "yes"
                  },
                  {
                    "Technical Impact": "total"
                  }
                ],
                "role": "CISA Coordinator",
                "timestamp": "2024-11-13T17:39:55.482326Z",
                "version": "2.0.3"
              },
              "type": "ssvc"
            }
          }
        ],
        "providerMetadata": {
          "dateUpdated": "2024-11-13T17:40:07.080Z",
          "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
          "shortName": "CISA-ADP"
        },
        "title": "CISA ADP Vulnrichment"
      }
    ],
    "cna": {
      "affected": [
        {
          "collectionURL": "https://wordpress.org/plugins",
          "defaultStatus": "unaffected",
          "packageName": "montonio-for-woocommerce",
          "product": "Montonio for WooCommerce",
          "vendor": "Montonio",
          "versions": [
            {
              "changes": [
                {
                  "at": "6.0.2",
                  "status": "unaffected"
                }
              ],
              "lessThanOrEqual": "6.0.1",
              "status": "affected",
              "version": "n/a",
              "versionType": "custom"
            }
          ]
        },
        {
          "collectionURL": "https://wordpress.org/plugins",
          "defaultStatus": "unaffected",
          "packageName": "wpopal-core-features",
          "product": "Wpopal Core Features",
          "vendor": "Wpopal",
          "versions": [
            {
              "lessThanOrEqual": "1.5.8",
              "status": "affected",
              "version": "n/a",
              "versionType": "custom"
            }
          ]
        },
        {
          "collectionURL": "https://wordpress.org/plugins",
          "defaultStatus": "unaffected",
          "packageName": "wp-amo",
          "product": "ArcStone",
          "vendor": "AMO for WP \u2013 Membership Management",
          "versions": [
            {
              "lessThanOrEqual": "4.6.6",
              "status": "affected",
              "version": "n/a",
              "versionType": "custom"
            }
          ]
        },
        {
          "collectionURL": "https://wordpress.org/plugins",
          "defaultStatus": "unaffected",
          "packageName": "woovirtualwallet",
          "product": "WooVirtualWallet \u2013 A virtual wallet for WooCommerce",
          "vendor": "Long Watch Studio",
          "versions": [
            {
              "lessThanOrEqual": "2.2.1",
              "status": "affected",
              "version": "n/a",
              "versionType": "custom"
            }
          ]
        },
        {
          "collectionURL": "https://wordpress.org/plugins",
          "defaultStatus": "unaffected",
          "packageName": "woovip",
          "product": "WooVIP \u2013 Membership plugin for WordPress and WooCommerce",
          "vendor": "Long Watch Studio",
          "versions": [
            {
              "lessThanOrEqual": "1.4.4",
              "status": "affected",
              "version": "n/a",
              "versionType": "custom"
            }
          ]
        },
        {
          "collectionURL": "https://wordpress.org/plugins",
          "defaultStatus": "unaffected",
          "packageName": "woosupply",
          "product": "WooSupply \u2013 Suppliers, Supply Orders and Stock Management",
          "vendor": "Long Watch Studio",
          "versions": [
            {
              "lessThanOrEqual": "1.2.2",
              "status": "affected",
              "version": "n/a",
              "versionType": "custom"
            }
          ]
        },
        {
          "collectionURL": "https://wordpress.org/plugins",
          "defaultStatus": "unaffected",
          "packageName": "theme-minifier",
          "product": "Theme Minifier",
          "vendor": "Squidesma",
          "versions": [
            {
              "lessThanOrEqual": "2.0",
              "status": "affected",
              "version": "n/a",
              "versionType": "custom"
            }
          ]
        },
        {
          "collectionURL": "https://wordpress.org/plugins",
          "defaultStatus": "unaffected",
          "packageName": "styles",
          "product": "Styles",
          "vendor": "Paul Clark",
          "versions": [
            {
              "lessThanOrEqual": "1.2.3",
              "status": "affected",
              "version": "n/a",
              "versionType": "custom"
            }
          ]
        },
        {
          "collectionURL": "https://wordpress.org/plugins",
          "defaultStatus": "unaffected",
          "packageName": "qards-free",
          "product": "WordPress Page Builder \u2013 Qards",
          "vendor": "Designmodo Inc.",
          "versions": [
            {
              "lessThanOrEqual": "1.0.5",
              "status": "affected",
              "version": "n/a",
              "versionType": "custom"
            }
          ]
        },
        {
          "collectionURL": "https://wordpress.org/plugins",
          "defaultStatus": "unaffected",
          "packageName": "phpfreechat",
          "product": "PHPFreeChat",
          "vendor": "Philip M. Hofer (Frumph)",
          "versions": [
            {
              "lessThanOrEqual": "0.2.8",
              "status": "affected",
              "version": "n/a",
              "versionType": "custom"
            }
          ]
        },
        {
          "collectionURL": "https://wordpress.org/plugins",
          "defaultStatus": "unaffected",
          "packageName": "custom-login-admin-front-end-css-with-multisite-support",
          "product": "Custom Login Admin Front-end CSS",
          "vendor": "Arun Basil Lal",
          "versions": [
            {
              "changes": [
                {
                  "at": "1.5",
                  "status": "unaffected"
                }
              ],
              "lessThanOrEqual": "1.4.1",
              "status": "affected",
              "version": "n/a",
              "versionType": "custom"
            }
          ]
        },
        {
          "collectionURL": "https://wordpress.org/plugins",
          "defaultStatus": "unaffected",
          "packageName": "css-adder-by-agence-press",
          "product": "CSS Adder By Agence-Press",
          "vendor": "Team Agence-Press",
          "versions": [
            {
              "lessThanOrEqual": "1.5.0",
              "status": "affected",
              "version": "n/a",
              "versionType": "custom"
            }
          ]
        },
        {
          "collectionURL": "https://wordpress.org/plugins",
          "defaultStatus": "unaffected",
          "packageName": "confirm-data",
          "product": "Confirm Data",
          "vendor": "Unihost",
          "versions": [
            {
              "lessThanOrEqual": "1.0.7",
              "status": "affected",
              "version": "n/a",
              "versionType": "custom"
            }
          ]
        },
        {
          "collectionURL": "https://wordpress.org/plugins",
          "defaultStatus": "unaffected",
          "packageName": "amp-toolbox",
          "product": "AMP Toolbox",
          "vendor": "deano1987",
          "versions": [
            {
              "lessThanOrEqual": "2.1.1",
              "status": "affected",
              "version": "n/a",
              "versionType": "custom"
            }
          ]
        },
        {
          "collectionURL": "https://wordpress.org/plugins",
          "defaultStatus": "unaffected",
          "packageName": "admin-css-mu",
          "product": "Admin CSS MU",
          "vendor": "Arun Basil Lal",
          "versions": [
            {
              "changes": [
                {
                  "at": "2.7",
                  "status": "unaffected"
                }
              ],
              "lessThanOrEqual": "2.6",
              "status": "affected",
              "version": "n/a",
              "versionType": "custom"
            }
          ]
        }
      ],
      "credits": [
        {
          "lang": "en",
          "type": "finder",
          "user": "00000000-0000-4000-9000-000000000000",
          "value": "Dave Jong (Patchstack)"
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "supportingMedia": [
            {
              "base64": false,
              "type": "text/html",
              "value": "Server-Side Request Forgery (SSRF) vulnerability in Montonio Montonio for WooCommerce, Wpopal Wpopal Core Features, AMO for WP \u2013 Membership Management ArcStone wp-amo, Long Watch Studio WooVirtualWallet \u2013 A virtual wallet for WooCommerce, Long Watch Studio WooVIP \u2013 Membership plugin for WordPress and WooCommerce, Long Watch Studio WooSupply \u2013 Suppliers, Supply Orders and Stock Management, Squidesma Theme Minifier, Paul Clark Styles styles, Designmodo Inc. WordPress Page Builder \u2013 Qards, Philip M. Hofer (Frumph) PHPFreeChat, Arun Basil Lal Custom Login Admin Front-end CSS, Team Agence-Press CSS Adder By Agence-Press, Unihost Confirm Data, deano1987 AMP Toolbox amp-toolbox, Arun Basil Lal Admin CSS MU.\u003cp\u003eThis issue affects Montonio for WooCommerce: from n/a through 6.0.1; Wpopal Core Features: from n/a through 1.5.8; ArcStone: from n/a through 4.6.6; WooVirtualWallet \u2013 A virtual wallet for WooCommerce: from n/a through 2.2.1; WooVIP \u2013 Membership plugin for WordPress and WooCommerce: from n/a through 1.4.4; WooSupply \u2013 Suppliers, Supply Orders and Stock Management: from n/a through 1.2.2; Theme Minifier: from n/a through 2.0; Styles: from n/a through 1.2.3; WordPress Page Builder \u2013 Qards: from n/a through 1.0.5; PHPFreeChat: from n/a through 0.2.8; Custom Login Admin Front-end CSS: from n/a through 1.4.1; CSS Adder By Agence-Press: from n/a through 1.5.0; Confirm Data: from n/a through 1.0.7; AMP Toolbox: from n/a through 2.1.1; Admin CSS MU: from n/a through 2.6.\u003c/p\u003e"
            }
          ],
          "value": "Server-Side Request Forgery (SSRF) vulnerability in Montonio Montonio for WooCommerce, Wpopal Wpopal Core Features, AMO for WP \u2013 Membership Management ArcStone wp-amo, Long Watch Studio WooVirtualWallet \u2013 A virtual wallet for WooCommerce, Long Watch Studio WooVIP \u2013 Membership plugin for WordPress and WooCommerce, Long Watch Studio WooSupply \u2013 Suppliers, Supply Orders and Stock Management, Squidesma Theme Minifier, Paul Clark Styles styles, Designmodo Inc. WordPress Page Builder \u2013 Qards, Philip M. Hofer (Frumph) PHPFreeChat, Arun Basil Lal Custom Login Admin Front-end CSS, Team Agence-Press CSS Adder By Agence-Press, Unihost Confirm Data, deano1987 AMP Toolbox amp-toolbox, Arun Basil Lal Admin CSS MU.This issue affects Montonio for WooCommerce: from n/a through 6.0.1; Wpopal Core Features: from n/a through 1.5.8; ArcStone: from n/a through 4.6.6; WooVirtualWallet \u2013 A virtual wallet for WooCommerce: from n/a through 2.2.1; WooVIP \u2013 Membership plugin for WordPress and WooCommerce: from n/a through 1.4.4; WooSupply \u2013 Suppliers, Supply Orders and Stock Management: from n/a through 1.2.2; Theme Minifier: from n/a through 2.0; Styles: from n/a through 1.2.3; WordPress Page Builder \u2013 Qards: from n/a through 1.0.5; PHPFreeChat: from n/a through 0.2.8; Custom Login Admin Front-end CSS: from n/a through 1.4.1; CSS Adder By Agence-Press: from n/a through 1.5.0; Confirm Data: from n/a through 1.0.7; AMP Toolbox: from n/a through 2.1.1; Admin CSS MU: from n/a through 2.6.\n\n"
        }
      ],
      "metrics": [
        {
          "cvssV3_1": {
            "attackComplexity": "LOW",
            "attackVector": "NETWORK",
            "availabilityImpact": "NONE",
            "baseScore": 8.2,
            "baseSeverity": "HIGH",
            "confidentialityImpact": "HIGH",
            "integrityImpact": "LOW",
            "privilegesRequired": "NONE",
            "scope": "UNCHANGED",
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:L/A:N",
            "version": "3.1"
          },
          "format": "CVSS",
          "scenarios": [
            {
              "lang": "en",
              "value": "GENERAL"
            }
          ]
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "cweId": "CWE-918",
              "description": "CWE-918 Server-Side Request Forgery (SSRF)",
              "lang": "en",
              "type": "CWE"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2024-01-19T14:30:11.427Z",
        "orgId": "21595511-bba5-4825-b968-b78d1f9984a3",
        "shortName": "Patchstack"
      },
      "references": [
        {
          "tags": [
            "vdb-entry"
          ],
          "url": "https://patchstack.com/database/vulnerability/montonio-for-woocommerce/wordpress-montonio-for-woocommerce-plugin-6-0-1-server-side-request-forgery-ssrf?_s_id=cve"
        },
        {
          "tags": [
            "vdb-entry"
          ],
          "url": "https://patchstack.com/database/vulnerability/wpopal-core-features/wordpress-wpopal-core-features-plugin-1-5-7-server-side-request-forgery-ssrf?_s_id=cve"
        },
        {
          "tags": [
            "vdb-entry"
          ],
          "url": "https://patchstack.com/database/vulnerability/wp-amo/wordpress-amo-for-wp-plugin-4-6-6-server-side-request-forgery-ssrf?_s_id=cve"
        },
        {
          "tags": [
            "vdb-entry"
          ],
          "url": "https://patchstack.com/database/vulnerability/woovirtualwallet/wordpress-woovirtualwallet-plugin-2-2-1-server-side-request-forgery-ssrf?_s_id=cve"
        },
        {
          "tags": [
            "vdb-entry"
          ],
          "url": "https://patchstack.com/database/vulnerability/woovip/wordpress-woovip-plugin-1-4-4-server-side-request-forgery-ssrf?_s_id=cve"
        },
        {
          "tags": [
            "vdb-entry"
          ],
          "url": "https://patchstack.com/database/vulnerability/woosupply/wordpress-woosupply-plugin-1-2-2-server-side-request-forgery-ssrf?_s_id=cve"
        },
        {
          "tags": [
            "vdb-entry"
          ],
          "url": "https://patchstack.com/database/vulnerability/theme-minifier/wordpress-theme-minifier-plugin-2-0-server-side-request-forgery-ssrf?_s_id=cve"
        },
        {
          "tags": [
            "vdb-entry"
          ],
          "url": "https://patchstack.com/database/vulnerability/styles/wordpress-styles-plugin-1-2-3-server-side-request-forgery-ssrf?_s_id=cve"
        },
        {
          "tags": [
            "vdb-entry"
          ],
          "url": "https://patchstack.com/database/vulnerability/qards-free/wordpress-wordpress-page-builder-qards-plugin-1-0-5-server-side-request-forgery-ssrf?_s_id=cve"
        },
        {
          "tags": [
            "vdb-entry"
          ],
          "url": "https://patchstack.com/database/vulnerability/phpfreechat/wordpress-phpfreechat-plugin-0-2-8-server-side-request-forgery-ssrf?_s_id=cve"
        },
        {
          "tags": [
            "vdb-entry"
          ],
          "url": "https://patchstack.com/database/vulnerability/custom-login-admin-front-end-css-with-multisite-support/wordpress-custom-login-admin-front-end-css-plugin-1-4-1-server-side-request-forgery-ssrf?_s_id=cve"
        },
        {
          "tags": [
            "vdb-entry"
          ],
          "url": "https://patchstack.com/database/vulnerability/css-adder-by-agence-press/wordpress-css-adder-by-agene-press-plugin-1-5-0-server-side-request-forgery-ssrf?_s_id=cve"
        },
        {
          "tags": [
            "vdb-entry"
          ],
          "url": "https://patchstack.com/database/vulnerability/confirm-data/wordpress-confirm-data-plugin-1-0-7-unauth-server-side-request-forgery-ssrf-vulnerability?_s_id=cve"
        },
        {
          "tags": [
            "vdb-entry"
          ],
          "url": "https://patchstack.com/database/vulnerability/amp-toolbox/wordpress-amp-toolbox-plugin-2-1-1-server-side-request-forgery-ssrf?_s_id=cve"
        },
        {
          "tags": [
            "vdb-entry"
          ],
          "url": "https://patchstack.com/database/vulnerability/admin-css-mu/wordpress-admin-css-mu-plugin-2-6-server-side-request-forgery-ssrf-vulnerability?_s_id=cve"
        }
      ],
      "solutions": [
        {
          "lang": "en",
          "supportingMedia": [
            {
              "base64": false,
              "type": "text/html",
              "value": "Update Montonio for WooCommerce to 6.0.2 or a higher version.\u003cbr\u003eUpdate Custom Login Admin Front-end CSS to 1.5 or a higher version.\u003cbr\u003eUpdate Admin CSS MU to 2.7 or a higher version\u003cbr\u003e"
            }
          ],
          "value": "Update Montonio for WooCommerce to 6.0.2 or a higher version.\nUpdate Custom Login Admin Front-end CSS to 1.5 or a higher version.\nUpdate Admin CSS MU to 2.7 or a higher version\n"
        }
      ],
      "source": {
        "discovery": "EXTERNAL"
      },
      "title": "Server Side Request Forgery (SSRF) vulnerability affecting multiple WordPress plugins",
      "x_generator": {
        "engine": "Vulnogram 0.1.0-dev"
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "21595511-bba5-4825-b968-b78d1f9984a3",
    "assignerShortName": "Patchstack",
    "cveId": "CVE-2022-40700",
    "datePublished": "2024-01-19T14:30:11.427Z",
    "dateReserved": "2022-09-27T08:42:32.033Z",
    "dateUpdated": "2024-11-13T17:40:07.080Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1",
  "vulnerability-lookup:meta": {
    "fkie_nvd": {
      "configurations": "[{\"nodes\": [{\"operator\": \"OR\", \"negate\": false, \"cpeMatch\": [{\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:millionclues:admin_css_mu:*:*:*:*:*:wordpress:*:*\", \"versionEndIncluding\": \"2.6\", \"matchCriteriaId\": \"43821B34-AEAD-4521-B37C-07314D2848A5\"}]}]}, {\"nodes\": [{\"operator\": \"OR\", \"negate\": false, \"cpeMatch\": [{\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:deano:amp_toolbox:*:*:*:*:*:wordpress:*:*\", \"versionEndIncluding\": \"2.1.1\", \"matchCriteriaId\": \"F3BD4E77-8EE1-4F83-A080-A82E9EAC6A36\"}]}]}, {\"nodes\": [{\"operator\": \"OR\", \"negate\": false, \"cpeMatch\": [{\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:unihost:confirm_data:*:*:*:*:*:wordpress:*:*\", \"versionEndIncluding\": \"1.0.7\", \"matchCriteriaId\": \"775615D7-1183-44BD-8E13-B18CC3F037B7\"}]}]}, {\"nodes\": [{\"operator\": \"OR\", \"negate\": false, \"cpeMatch\": [{\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:agence-press:css_adder:*:*:*:*:*:wordpress:*:*\", \"versionEndIncluding\": \"1.5.0\", \"matchCriteriaId\": \"78AA1D24-7A86-41D5-A9E4-3CF586D91F52\"}]}]}, {\"nodes\": [{\"operator\": \"OR\", \"negate\": false, \"cpeMatch\": [{\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:millionclues:custom_login_admin_front-end_css:*:*:*:*:*:wordpress:*:*\", \"versionEndIncluding\": \"1.4.1\", \"matchCriteriaId\": \"672D8FBE-F144-4BAF-B780-8234BB2D83D7\"}]}]}, {\"nodes\": [{\"operator\": \"OR\", \"negate\": false, \"cpeMatch\": [{\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:montonio:montonio_for_woocommerce:*:*:*:*:*:wordpress:*:*\", \"versionEndIncluding\": \"6.0.1\", \"matchCriteriaId\": \"1A46D97F-01EA-43A4-AD82-1552112A2B82\"}]}]}, {\"nodes\": [{\"operator\": \"OR\", \"negate\": false, \"cpeMatch\": [{\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:frumph:phpfreechat:*:*:*:*:*:wordpress:*:*\", \"versionEndIncluding\": \"0.2.8\", \"matchCriteriaId\": \"555CCA86-7B43-4F8D-9A71-3A92D34A8F43\"}]}]}, {\"nodes\": [{\"operator\": \"OR\", \"negate\": false, \"cpeMatch\": [{\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:designmodo:qards:*:*:*:*:*:wordpress:*:*\", \"versionEndIncluding\": \"1.0.5\", \"matchCriteriaId\": \"054FCFA2-C643-441A-8D13-233980433E88\"}]}]}, {\"nodes\": [{\"operator\": \"OR\", \"negate\": false, \"cpeMatch\": [{\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:paulclark:styles:*:*:*:*:*:wordpress:*:*\", \"versionEndIncluding\": \"1.2.3\", \"matchCriteriaId\": \"C4AF8EAE-53F6-4958-88AB-7DCEBCDFADF9\"}]}]}, {\"nodes\": [{\"operator\": \"OR\", \"negate\": false, \"cpeMatch\": [{\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:squidesma:theme_minifier:*:*:*:*:*:wordpress:*:*\", \"versionEndIncluding\": \"2.0\", \"matchCriteriaId\": \"5ADA61B8-B05E-4608-B331-80769EADB458\"}]}]}, {\"nodes\": [{\"operator\": \"OR\", \"negate\": false, \"cpeMatch\": [{\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:longwatchstudio:woosupply:*:*:*:*:*:wordpress:*:*\", \"versionEndIncluding\": \"1.2.2\", \"matchCriteriaId\": \"15F0C47E-D2B5-47A8-BD7E-592439EF2745\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:longwatchstudio:woovip:*:*:*:*:*:wordpress:*:*\", \"versionEndIncluding\": \"1.4.4\", \"matchCriteriaId\": \"D12B6939-0446-4C32-AA43-CE3D0052B9ED\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:longwatchstudio:woovirtualwallet:*:*:*:*:*:wordpress:*:*\", \"versionEndIncluding\": \"2.2.1\", \"matchCriteriaId\": \"EA71FDDC-0142-450E-9F0B-4609171BBE09\"}]}]}, {\"nodes\": [{\"operator\": \"OR\", \"negate\": false, \"cpeMatch\": [{\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:arcstone:amo_for_wp_-_membership_management:*:*:*:*:*:wordpress:*:*\", \"versionEndIncluding\": \"4.6.6\", \"matchCriteriaId\": \"B893F859-596C-45AD-BE84-BE9FE35B2626\"}]}]}, {\"nodes\": [{\"operator\": \"OR\", \"negate\": false, \"cpeMatch\": [{\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:wpopal:wpopal_core_features:*:*:*:*:*:wordpress:*:*\", \"versionEndIncluding\": \"1.5.8\", \"matchCriteriaId\": \"E4720CB3-42E0-46B2-A74F-E118C427C44A\"}]}]}]",
      "descriptions": "[{\"lang\": \"en\", \"value\": \"Server-Side Request Forgery (SSRF) vulnerability in Montonio Montonio for WooCommerce, Wpopal Wpopal Core Features, AMO for WP \\u2013 Membership Management ArcStone wp-amo, Long Watch Studio WooVirtualWallet \\u2013 A virtual wallet for WooCommerce, Long Watch Studio WooVIP \\u2013 Membership plugin for WordPress and WooCommerce, Long Watch Studio WooSupply \\u2013 Suppliers, Supply Orders and Stock Management, Squidesma Theme Minifier, Paul Clark Styles styles, Designmodo Inc. WordPress Page Builder \\u2013 Qards, Philip M. Hofer (Frumph) PHPFreeChat, Arun Basil Lal Custom Login Admin Front-end CSS, Team Agence-Press CSS Adder By Agence-Press, Unihost Confirm Data, deano1987 AMP Toolbox amp-toolbox, Arun Basil Lal Admin CSS MU.This issue affects Montonio for WooCommerce: from n/a through 6.0.1; Wpopal Core Features: from n/a through 1.5.8; ArcStone: from n/a through 4.6.6; WooVirtualWallet \\u2013 A virtual wallet for WooCommerce: from n/a through 2.2.1; WooVIP \\u2013 Membership plugin for WordPress and WooCommerce: from n/a through 1.4.4; WooSupply \\u2013 Suppliers, Supply Orders and Stock Management: from n/a through 1.2.2; Theme Minifier: from n/a through 2.0; Styles: from n/a through 1.2.3; WordPress Page Builder \\u2013 Qards: from n/a through 1.0.5; PHPFreeChat: from n/a through 0.2.8; Custom Login Admin Front-end CSS: from n/a through 1.4.1; CSS Adder By Agence-Press: from n/a through 1.5.0; Confirm Data: from n/a through 1.0.7; AMP Toolbox: from n/a through 2.1.1; Admin CSS MU: from n/a through 2.6.\\n\\n\"}, {\"lang\": \"es\", \"value\": \"Vulnerabilidad de  Server-Side Request Forgery (SSRF) en Montonio Montonio para WooCommerce, Wpopal Funciones principales de Wpopal, AMO para WP \\u2013 Gesti\\u00f3n de membres\\u00eda ArcStone wp-amo, Long Watch Studio WooVirtualWallet \\u2013 Una billetera virtual para WooCommerce, Long Watch Studio WooVIP \\u2013 Complemento de membres\\u00eda para WordPress y WooCommerce, Long Watch Studio WooSupply: proveedores, pedidos de suministro y gesti\\u00f3n de existencias, Squidesma Theme Minifier, estilos Paul Clark Styles, Designmodo Inc. Creador de p\\u00e1ginas de WordPress: Qards, Philip M. Hofer (Frumph) PHPFreeChat, Arun Basil Lal Administrador de inicio de sesi\\u00f3n personalizado CSS front-end, Team Agence-Press CSS Adder de Agence-Press, Unihost Confirm Data, deano1987 AMP Toolbox amp-toolbox, Arun Basil Lal Admin CSS MU. Este problema afecta a Montonio para WooCommerce: desde n/a hasta 6.0.1; Funciones principales de Wpopal: desde n/a hasta 1.5.8; ArcStone: desde n/a hasta 4.6.6; WooVirtualWallet: una billetera virtual para WooCommerce: desde n/a hasta 2.2.1; WooVIP: complemento de membres\\u00eda para WordPress y WooCommerce: desde n/a hasta 1.4.4; WooSupply \\u2013 Proveedores, pedidos de suministro y gesti\\u00f3n de existencias: desde n/a hasta 1.2.2; Minificador de temas: desde n/a hasta 2.0; Estilos: desde n/a hasta 1.2.3; Creador de p\\u00e1ginas de WordPress \\u2013 Qards: desde n/a hasta 1.0.5; PHPFreeChat: desde n/a hasta 0.2.8; CSS de front-end de administrador de inicio de sesi\\u00f3n personalizado: desde n/a hasta 1.4.1; Complemento CSS de Agence-Press: desde n/a hasta 1.5.0; Confirmar datos: desde n/a hasta 1.0.7; Caja de herramientas AMP: desde n/a hasta 2.1.1; Administrador CSS MU: desde n/a hasta 2.6.\"}]",
      "id": "CVE-2022-40700",
      "lastModified": "2024-11-21T07:21:53.063",
      "metrics": "{\"cvssMetricV31\": [{\"source\": \"audit@patchstack.com\", \"type\": \"Secondary\", \"cvssData\": {\"version\": \"3.1\", \"vectorString\": \"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:L/A:N\", \"baseScore\": 8.2, \"baseSeverity\": \"HIGH\", \"attackVector\": \"NETWORK\", \"attackComplexity\": \"LOW\", \"privilegesRequired\": \"NONE\", \"userInteraction\": \"NONE\", \"scope\": \"UNCHANGED\", \"confidentialityImpact\": \"HIGH\", \"integrityImpact\": \"LOW\", \"availabilityImpact\": \"NONE\"}, \"exploitabilityScore\": 3.9, \"impactScore\": 4.2}, {\"source\": \"nvd@nist.gov\", \"type\": \"Primary\", \"cvssData\": {\"version\": \"3.1\", \"vectorString\": \"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H\", \"baseScore\": 9.8, \"baseSeverity\": \"CRITICAL\", \"attackVector\": \"NETWORK\", \"attackComplexity\": \"LOW\", \"privilegesRequired\": \"NONE\", \"userInteraction\": \"NONE\", \"scope\": \"UNCHANGED\", \"confidentialityImpact\": \"HIGH\", \"integrityImpact\": \"HIGH\", \"availabilityImpact\": \"HIGH\"}, \"exploitabilityScore\": 3.9, \"impactScore\": 5.9}]}",
      "published": "2024-01-19T15:15:08.020",
      "references": "[{\"url\": \"https://patchstack.com/database/vulnerability/admin-css-mu/wordpress-admin-css-mu-plugin-2-6-server-side-request-forgery-ssrf-vulnerability?_s_id=cve\", \"source\": \"audit@patchstack.com\", \"tags\": [\"Third Party Advisory\"]}, {\"url\": \"https://patchstack.com/database/vulnerability/amp-toolbox/wordpress-amp-toolbox-plugin-2-1-1-server-side-request-forgery-ssrf?_s_id=cve\", \"source\": \"audit@patchstack.com\", \"tags\": [\"Third Party Advisory\"]}, {\"url\": \"https://patchstack.com/database/vulnerability/confirm-data/wordpress-confirm-data-plugin-1-0-7-unauth-server-side-request-forgery-ssrf-vulnerability?_s_id=cve\", \"source\": \"audit@patchstack.com\", \"tags\": [\"Third Party Advisory\"]}, {\"url\": \"https://patchstack.com/database/vulnerability/css-adder-by-agence-press/wordpress-css-adder-by-agene-press-plugin-1-5-0-server-side-request-forgery-ssrf?_s_id=cve\", \"source\": \"audit@patchstack.com\", \"tags\": [\"Third Party Advisory\"]}, {\"url\": \"https://patchstack.com/database/vulnerability/custom-login-admin-front-end-css-with-multisite-support/wordpress-custom-login-admin-front-end-css-plugin-1-4-1-server-side-request-forgery-ssrf?_s_id=cve\", \"source\": \"audit@patchstack.com\", \"tags\": [\"Third Party Advisory\"]}, {\"url\": \"https://patchstack.com/database/vulnerability/montonio-for-woocommerce/wordpress-montonio-for-woocommerce-plugin-6-0-1-server-side-request-forgery-ssrf?_s_id=cve\", \"source\": \"audit@patchstack.com\", \"tags\": [\"Third Party Advisory\"]}, {\"url\": \"https://patchstack.com/database/vulnerability/phpfreechat/wordpress-phpfreechat-plugin-0-2-8-server-side-request-forgery-ssrf?_s_id=cve\", \"source\": \"audit@patchstack.com\", \"tags\": [\"Third Party Advisory\"]}, {\"url\": \"https://patchstack.com/database/vulnerability/qards-free/wordpress-wordpress-page-builder-qards-plugin-1-0-5-server-side-request-forgery-ssrf?_s_id=cve\", \"source\": \"audit@patchstack.com\", \"tags\": [\"Third Party Advisory\"]}, {\"url\": \"https://patchstack.com/database/vulnerability/styles/wordpress-styles-plugin-1-2-3-server-side-request-forgery-ssrf?_s_id=cve\", \"source\": \"audit@patchstack.com\", \"tags\": [\"Third Party Advisory\"]}, {\"url\": \"https://patchstack.com/database/vulnerability/theme-minifier/wordpress-theme-minifier-plugin-2-0-server-side-request-forgery-ssrf?_s_id=cve\", \"source\": \"audit@patchstack.com\", \"tags\": [\"Third Party Advisory\"]}, {\"url\": \"https://patchstack.com/database/vulnerability/woosupply/wordpress-woosupply-plugin-1-2-2-server-side-request-forgery-ssrf?_s_id=cve\", \"source\": \"audit@patchstack.com\", \"tags\": [\"Third Party Advisory\"]}, {\"url\": \"https://patchstack.com/database/vulnerability/woovip/wordpress-woovip-plugin-1-4-4-server-side-request-forgery-ssrf?_s_id=cve\", \"source\": \"audit@patchstack.com\", \"tags\": [\"Third Party Advisory\"]}, {\"url\": \"https://patchstack.com/database/vulnerability/woovirtualwallet/wordpress-woovirtualwallet-plugin-2-2-1-server-side-request-forgery-ssrf?_s_id=cve\", \"source\": \"audit@patchstack.com\", \"tags\": [\"Third Party Advisory\"]}, {\"url\": \"https://patchstack.com/database/vulnerability/wp-amo/wordpress-amo-for-wp-plugin-4-6-6-server-side-request-forgery-ssrf?_s_id=cve\", \"source\": \"audit@patchstack.com\", \"tags\": [\"Third Party Advisory\"]}, {\"url\": \"https://patchstack.com/database/vulnerability/wpopal-core-features/wordpress-wpopal-core-features-plugin-1-5-7-server-side-request-forgery-ssrf?_s_id=cve\", \"source\": \"audit@patchstack.com\", \"tags\": [\"Third Party Advisory\"]}, {\"url\": \"https://patchstack.com/database/vulnerability/admin-css-mu/wordpress-admin-css-mu-plugin-2-6-server-side-request-forgery-ssrf-vulnerability?_s_id=cve\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\", \"tags\": [\"Third Party Advisory\"]}, {\"url\": \"https://patchstack.com/database/vulnerability/amp-toolbox/wordpress-amp-toolbox-plugin-2-1-1-server-side-request-forgery-ssrf?_s_id=cve\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\", \"tags\": [\"Third Party Advisory\"]}, {\"url\": \"https://patchstack.com/database/vulnerability/confirm-data/wordpress-confirm-data-plugin-1-0-7-unauth-server-side-request-forgery-ssrf-vulnerability?_s_id=cve\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\", \"tags\": [\"Third Party Advisory\"]}, {\"url\": \"https://patchstack.com/database/vulnerability/css-adder-by-agence-press/wordpress-css-adder-by-agene-press-plugin-1-5-0-server-side-request-forgery-ssrf?_s_id=cve\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\", \"tags\": [\"Third Party Advisory\"]}, {\"url\": \"https://patchstack.com/database/vulnerability/custom-login-admin-front-end-css-with-multisite-support/wordpress-custom-login-admin-front-end-css-plugin-1-4-1-server-side-request-forgery-ssrf?_s_id=cve\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\", \"tags\": [\"Third Party Advisory\"]}, {\"url\": \"https://patchstack.com/database/vulnerability/montonio-for-woocommerce/wordpress-montonio-for-woocommerce-plugin-6-0-1-server-side-request-forgery-ssrf?_s_id=cve\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\", \"tags\": [\"Third Party Advisory\"]}, {\"url\": \"https://patchstack.com/database/vulnerability/phpfreechat/wordpress-phpfreechat-plugin-0-2-8-server-side-request-forgery-ssrf?_s_id=cve\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\", \"tags\": [\"Third Party Advisory\"]}, {\"url\": \"https://patchstack.com/database/vulnerability/qards-free/wordpress-wordpress-page-builder-qards-plugin-1-0-5-server-side-request-forgery-ssrf?_s_id=cve\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\", \"tags\": [\"Third Party Advisory\"]}, {\"url\": \"https://patchstack.com/database/vulnerability/styles/wordpress-styles-plugin-1-2-3-server-side-request-forgery-ssrf?_s_id=cve\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\", \"tags\": [\"Third Party Advisory\"]}, {\"url\": \"https://patchstack.com/database/vulnerability/theme-minifier/wordpress-theme-minifier-plugin-2-0-server-side-request-forgery-ssrf?_s_id=cve\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\", \"tags\": [\"Third Party Advisory\"]}, {\"url\": \"https://patchstack.com/database/vulnerability/woosupply/wordpress-woosupply-plugin-1-2-2-server-side-request-forgery-ssrf?_s_id=cve\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\", \"tags\": [\"Third Party Advisory\"]}, {\"url\": \"https://patchstack.com/database/vulnerability/woovip/wordpress-woovip-plugin-1-4-4-server-side-request-forgery-ssrf?_s_id=cve\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\", \"tags\": [\"Third Party Advisory\"]}, {\"url\": \"https://patchstack.com/database/vulnerability/woovirtualwallet/wordpress-woovirtualwallet-plugin-2-2-1-server-side-request-forgery-ssrf?_s_id=cve\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\", \"tags\": [\"Third Party Advisory\"]}, {\"url\": \"https://patchstack.com/database/vulnerability/wp-amo/wordpress-amo-for-wp-plugin-4-6-6-server-side-request-forgery-ssrf?_s_id=cve\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\", \"tags\": [\"Third Party Advisory\"]}, {\"url\": \"https://patchstack.com/database/vulnerability/wpopal-core-features/wordpress-wpopal-core-features-plugin-1-5-7-server-side-request-forgery-ssrf?_s_id=cve\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\", \"tags\": [\"Third Party Advisory\"]}]",
      "sourceIdentifier": "audit@patchstack.com",
      "vulnStatus": "Modified",
      "weaknesses": "[{\"source\": \"audit@patchstack.com\", \"type\": \"Primary\", \"description\": [{\"lang\": \"en\", \"value\": \"CWE-918\"}]}]"
    },
    "nvd": "{\"cve\":{\"id\":\"CVE-2022-40700\",\"sourceIdentifier\":\"audit@patchstack.com\",\"published\":\"2024-01-19T15:15:08.020\",\"lastModified\":\"2024-11-21T07:21:53.063\",\"vulnStatus\":\"Modified\",\"cveTags\":[],\"descriptions\":[{\"lang\":\"en\",\"value\":\"Server-Side Request Forgery (SSRF) vulnerability in Montonio Montonio for WooCommerce, Wpopal Wpopal Core Features, AMO for WP \u2013 Membership Management ArcStone wp-amo, Long Watch Studio WooVirtualWallet \u2013 A virtual wallet for WooCommerce, Long Watch Studio WooVIP \u2013 Membership plugin for WordPress and WooCommerce, Long Watch Studio WooSupply \u2013 Suppliers, Supply Orders and Stock Management, Squidesma Theme Minifier, Paul Clark Styles styles, Designmodo Inc. WordPress Page Builder \u2013 Qards, Philip M. Hofer (Frumph) PHPFreeChat, Arun Basil Lal Custom Login Admin Front-end CSS, Team Agence-Press CSS Adder By Agence-Press, Unihost Confirm Data, deano1987 AMP Toolbox amp-toolbox, Arun Basil Lal Admin CSS MU.This issue affects Montonio for WooCommerce: from n/a through 6.0.1; Wpopal Core Features: from n/a through 1.5.8; ArcStone: from n/a through 4.6.6; WooVirtualWallet \u2013 A virtual wallet for WooCommerce: from n/a through 2.2.1; WooVIP \u2013 Membership plugin for WordPress and WooCommerce: from n/a through 1.4.4; WooSupply \u2013 Suppliers, Supply Orders and Stock Management: from n/a through 1.2.2; Theme Minifier: from n/a through 2.0; Styles: from n/a through 1.2.3; WordPress Page Builder \u2013 Qards: from n/a through 1.0.5; PHPFreeChat: from n/a through 0.2.8; Custom Login Admin Front-end CSS: from n/a through 1.4.1; CSS Adder By Agence-Press: from n/a through 1.5.0; Confirm Data: from n/a through 1.0.7; AMP Toolbox: from n/a through 2.1.1; Admin CSS MU: from n/a through 2.6.\\n\\n\"},{\"lang\":\"es\",\"value\":\"Vulnerabilidad de  Server-Side Request Forgery (SSRF) en Montonio Montonio para WooCommerce, Wpopal Funciones principales de Wpopal, AMO para WP \u2013 Gesti\u00f3n de membres\u00eda ArcStone wp-amo, Long Watch Studio WooVirtualWallet \u2013 Una billetera virtual para WooCommerce, Long Watch Studio WooVIP \u2013 Complemento de membres\u00eda para WordPress y WooCommerce, Long Watch Studio WooSupply: proveedores, pedidos de suministro y gesti\u00f3n de existencias, Squidesma Theme Minifier, estilos Paul Clark Styles, Designmodo Inc. Creador de p\u00e1ginas de WordPress: Qards, Philip M. Hofer (Frumph) PHPFreeChat, Arun Basil Lal Administrador de inicio de sesi\u00f3n personalizado CSS front-end, Team Agence-Press CSS Adder de Agence-Press, Unihost Confirm Data, deano1987 AMP Toolbox amp-toolbox, Arun Basil Lal Admin CSS MU. Este problema afecta a Montonio para WooCommerce: desde n/a hasta 6.0.1; Funciones principales de Wpopal: desde n/a hasta 1.5.8; ArcStone: desde n/a hasta 4.6.6; WooVirtualWallet: una billetera virtual para WooCommerce: desde n/a hasta 2.2.1; WooVIP: complemento de membres\u00eda para WordPress y WooCommerce: desde n/a hasta 1.4.4; WooSupply \u2013 Proveedores, pedidos de suministro y gesti\u00f3n de existencias: desde n/a hasta 1.2.2; Minificador de temas: desde n/a hasta 2.0; Estilos: desde n/a hasta 1.2.3; Creador de p\u00e1ginas de WordPress \u2013 Qards: desde n/a hasta 1.0.5; PHPFreeChat: desde n/a hasta 0.2.8; CSS de front-end de administrador de inicio de sesi\u00f3n personalizado: desde n/a hasta 1.4.1; Complemento CSS de Agence-Press: desde n/a hasta 1.5.0; Confirmar datos: desde n/a hasta 1.0.7; Caja de herramientas AMP: desde n/a hasta 2.1.1; Administrador CSS MU: desde n/a hasta 2.6.\"}],\"metrics\":{\"cvssMetricV31\":[{\"source\":\"audit@patchstack.com\",\"type\":\"Secondary\",\"cvssData\":{\"version\":\"3.1\",\"vectorString\":\"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:L/A:N\",\"baseScore\":8.2,\"baseSeverity\":\"HIGH\",\"attackVector\":\"NETWORK\",\"attackComplexity\":\"LOW\",\"privilegesRequired\":\"NONE\",\"userInteraction\":\"NONE\",\"scope\":\"UNCHANGED\",\"confidentialityImpact\":\"HIGH\",\"integrityImpact\":\"LOW\",\"availabilityImpact\":\"NONE\"},\"exploitabilityScore\":3.9,\"impactScore\":4.2},{\"source\":\"nvd@nist.gov\",\"type\":\"Primary\",\"cvssData\":{\"version\":\"3.1\",\"vectorString\":\"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H\",\"baseScore\":9.8,\"baseSeverity\":\"CRITICAL\",\"attackVector\":\"NETWORK\",\"attackComplexity\":\"LOW\",\"privilegesRequired\":\"NONE\",\"userInteraction\":\"NONE\",\"scope\":\"UNCHANGED\",\"confidentialityImpact\":\"HIGH\",\"integrityImpact\":\"HIGH\",\"availabilityImpact\":\"HIGH\"},\"exploitabilityScore\":3.9,\"impactScore\":5.9}]},\"weaknesses\":[{\"source\":\"audit@patchstack.com\",\"type\":\"Primary\",\"description\":[{\"lang\":\"en\",\"value\":\"CWE-918\"}]}],\"configurations\":[{\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:millionclues:admin_css_mu:*:*:*:*:*:wordpress:*:*\",\"versionEndIncluding\":\"2.6\",\"matchCriteriaId\":\"43821B34-AEAD-4521-B37C-07314D2848A5\"}]}]},{\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:deano:amp_toolbox:*:*:*:*:*:wordpress:*:*\",\"versionEndIncluding\":\"2.1.1\",\"matchCriteriaId\":\"F3BD4E77-8EE1-4F83-A080-A82E9EAC6A36\"}]}]},{\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:unihost:confirm_data:*:*:*:*:*:wordpress:*:*\",\"versionEndIncluding\":\"1.0.7\",\"matchCriteriaId\":\"775615D7-1183-44BD-8E13-B18CC3F037B7\"}]}]},{\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:agence-press:css_adder:*:*:*:*:*:wordpress:*:*\",\"versionEndIncluding\":\"1.5.0\",\"matchCriteriaId\":\"78AA1D24-7A86-41D5-A9E4-3CF586D91F52\"}]}]},{\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:millionclues:custom_login_admin_front-end_css:*:*:*:*:*:wordpress:*:*\",\"versionEndIncluding\":\"1.4.1\",\"matchCriteriaId\":\"672D8FBE-F144-4BAF-B780-8234BB2D83D7\"}]}]},{\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:montonio:montonio_for_woocommerce:*:*:*:*:*:wordpress:*:*\",\"versionEndIncluding\":\"6.0.1\",\"matchCriteriaId\":\"1A46D97F-01EA-43A4-AD82-1552112A2B82\"}]}]},{\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:frumph:phpfreechat:*:*:*:*:*:wordpress:*:*\",\"versionEndIncluding\":\"0.2.8\",\"matchCriteriaId\":\"555CCA86-7B43-4F8D-9A71-3A92D34A8F43\"}]}]},{\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:designmodo:qards:*:*:*:*:*:wordpress:*:*\",\"versionEndIncluding\":\"1.0.5\",\"matchCriteriaId\":\"054FCFA2-C643-441A-8D13-233980433E88\"}]}]},{\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:paulclark:styles:*:*:*:*:*:wordpress:*:*\",\"versionEndIncluding\":\"1.2.3\",\"matchCriteriaId\":\"C4AF8EAE-53F6-4958-88AB-7DCEBCDFADF9\"}]}]},{\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:squidesma:theme_minifier:*:*:*:*:*:wordpress:*:*\",\"versionEndIncluding\":\"2.0\",\"matchCriteriaId\":\"5ADA61B8-B05E-4608-B331-80769EADB458\"}]}]},{\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:longwatchstudio:woosupply:*:*:*:*:*:wordpress:*:*\",\"versionEndIncluding\":\"1.2.2\",\"matchCriteriaId\":\"15F0C47E-D2B5-47A8-BD7E-592439EF2745\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:longwatchstudio:woovip:*:*:*:*:*:wordpress:*:*\",\"versionEndIncluding\":\"1.4.4\",\"matchCriteriaId\":\"D12B6939-0446-4C32-AA43-CE3D0052B9ED\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:longwatchstudio:woovirtualwallet:*:*:*:*:*:wordpress:*:*\",\"versionEndIncluding\":\"2.2.1\",\"matchCriteriaId\":\"EA71FDDC-0142-450E-9F0B-4609171BBE09\"}]}]},{\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:arcstone:amo_for_wp_-_membership_management:*:*:*:*:*:wordpress:*:*\",\"versionEndIncluding\":\"4.6.6\",\"matchCriteriaId\":\"B893F859-596C-45AD-BE84-BE9FE35B2626\"}]}]},{\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:wpopal:wpopal_core_features:*:*:*:*:*:wordpress:*:*\",\"versionEndIncluding\":\"1.5.8\",\"matchCriteriaId\":\"E4720CB3-42E0-46B2-A74F-E118C427C44A\"}]}]}],\"references\":[{\"url\":\"https://patchstack.com/database/vulnerability/admin-css-mu/wordpress-admin-css-mu-plugin-2-6-server-side-request-forgery-ssrf-vulnerability?_s_id=cve\",\"source\":\"audit@patchstack.com\",\"tags\":[\"Third Party Advisory\"]},{\"url\":\"https://patchstack.com/database/vulnerability/amp-toolbox/wordpress-amp-toolbox-plugin-2-1-1-server-side-request-forgery-ssrf?_s_id=cve\",\"source\":\"audit@patchstack.com\",\"tags\":[\"Third Party Advisory\"]},{\"url\":\"https://patchstack.com/database/vulnerability/confirm-data/wordpress-confirm-data-plugin-1-0-7-unauth-server-side-request-forgery-ssrf-vulnerability?_s_id=cve\",\"source\":\"audit@patchstack.com\",\"tags\":[\"Third Party Advisory\"]},{\"url\":\"https://patchstack.com/database/vulnerability/css-adder-by-agence-press/wordpress-css-adder-by-agene-press-plugin-1-5-0-server-side-request-forgery-ssrf?_s_id=cve\",\"source\":\"audit@patchstack.com\",\"tags\":[\"Third Party Advisory\"]},{\"url\":\"https://patchstack.com/database/vulnerability/custom-login-admin-front-end-css-with-multisite-support/wordpress-custom-login-admin-front-end-css-plugin-1-4-1-server-side-request-forgery-ssrf?_s_id=cve\",\"source\":\"audit@patchstack.com\",\"tags\":[\"Third Party Advisory\"]},{\"url\":\"https://patchstack.com/database/vulnerability/montonio-for-woocommerce/wordpress-montonio-for-woocommerce-plugin-6-0-1-server-side-request-forgery-ssrf?_s_id=cve\",\"source\":\"audit@patchstack.com\",\"tags\":[\"Third Party Advisory\"]},{\"url\":\"https://patchstack.com/database/vulnerability/phpfreechat/wordpress-phpfreechat-plugin-0-2-8-server-side-request-forgery-ssrf?_s_id=cve\",\"source\":\"audit@patchstack.com\",\"tags\":[\"Third Party Advisory\"]},{\"url\":\"https://patchstack.com/database/vulnerability/qards-free/wordpress-wordpress-page-builder-qards-plugin-1-0-5-server-side-request-forgery-ssrf?_s_id=cve\",\"source\":\"audit@patchstack.com\",\"tags\":[\"Third Party Advisory\"]},{\"url\":\"https://patchstack.com/database/vulnerability/styles/wordpress-styles-plugin-1-2-3-server-side-request-forgery-ssrf?_s_id=cve\",\"source\":\"audit@patchstack.com\",\"tags\":[\"Third Party Advisory\"]},{\"url\":\"https://patchstack.com/database/vulnerability/theme-minifier/wordpress-theme-minifier-plugin-2-0-server-side-request-forgery-ssrf?_s_id=cve\",\"source\":\"audit@patchstack.com\",\"tags\":[\"Third Party Advisory\"]},{\"url\":\"https://patchstack.com/database/vulnerability/woosupply/wordpress-woosupply-plugin-1-2-2-server-side-request-forgery-ssrf?_s_id=cve\",\"source\":\"audit@patchstack.com\",\"tags\":[\"Third Party Advisory\"]},{\"url\":\"https://patchstack.com/database/vulnerability/woovip/wordpress-woovip-plugin-1-4-4-server-side-request-forgery-ssrf?_s_id=cve\",\"source\":\"audit@patchstack.com\",\"tags\":[\"Third Party Advisory\"]},{\"url\":\"https://patchstack.com/database/vulnerability/woovirtualwallet/wordpress-woovirtualwallet-plugin-2-2-1-server-side-request-forgery-ssrf?_s_id=cve\",\"source\":\"audit@patchstack.com\",\"tags\":[\"Third Party Advisory\"]},{\"url\":\"https://patchstack.com/database/vulnerability/wp-amo/wordpress-amo-for-wp-plugin-4-6-6-server-side-request-forgery-ssrf?_s_id=cve\",\"source\":\"audit@patchstack.com\",\"tags\":[\"Third Party Advisory\"]},{\"url\":\"https://patchstack.com/database/vulnerability/wpopal-core-features/wordpress-wpopal-core-features-plugin-1-5-7-server-side-request-forgery-ssrf?_s_id=cve\",\"source\":\"audit@patchstack.com\",\"tags\":[\"Third Party Advisory\"]},{\"url\":\"https://patchstack.com/database/vulnerability/admin-css-mu/wordpress-admin-css-mu-plugin-2-6-server-side-request-forgery-ssrf-vulnerability?_s_id=cve\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Third Party Advisory\"]},{\"url\":\"https://patchstack.com/database/vulnerability/amp-toolbox/wordpress-amp-toolbox-plugin-2-1-1-server-side-request-forgery-ssrf?_s_id=cve\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Third Party Advisory\"]},{\"url\":\"https://patchstack.com/database/vulnerability/confirm-data/wordpress-confirm-data-plugin-1-0-7-unauth-server-side-request-forgery-ssrf-vulnerability?_s_id=cve\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Third Party Advisory\"]},{\"url\":\"https://patchstack.com/database/vulnerability/css-adder-by-agence-press/wordpress-css-adder-by-agene-press-plugin-1-5-0-server-side-request-forgery-ssrf?_s_id=cve\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Third Party Advisory\"]},{\"url\":\"https://patchstack.com/database/vulnerability/custom-login-admin-front-end-css-with-multisite-support/wordpress-custom-login-admin-front-end-css-plugin-1-4-1-server-side-request-forgery-ssrf?_s_id=cve\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Third Party Advisory\"]},{\"url\":\"https://patchstack.com/database/vulnerability/montonio-for-woocommerce/wordpress-montonio-for-woocommerce-plugin-6-0-1-server-side-request-forgery-ssrf?_s_id=cve\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Third Party Advisory\"]},{\"url\":\"https://patchstack.com/database/vulnerability/phpfreechat/wordpress-phpfreechat-plugin-0-2-8-server-side-request-forgery-ssrf?_s_id=cve\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Third Party Advisory\"]},{\"url\":\"https://patchstack.com/database/vulnerability/qards-free/wordpress-wordpress-page-builder-qards-plugin-1-0-5-server-side-request-forgery-ssrf?_s_id=cve\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Third Party Advisory\"]},{\"url\":\"https://patchstack.com/database/vulnerability/styles/wordpress-styles-plugin-1-2-3-server-side-request-forgery-ssrf?_s_id=cve\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Third Party Advisory\"]},{\"url\":\"https://patchstack.com/database/vulnerability/theme-minifier/wordpress-theme-minifier-plugin-2-0-server-side-request-forgery-ssrf?_s_id=cve\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Third Party Advisory\"]},{\"url\":\"https://patchstack.com/database/vulnerability/woosupply/wordpress-woosupply-plugin-1-2-2-server-side-request-forgery-ssrf?_s_id=cve\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Third Party Advisory\"]},{\"url\":\"https://patchstack.com/database/vulnerability/woovip/wordpress-woovip-plugin-1-4-4-server-side-request-forgery-ssrf?_s_id=cve\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Third Party Advisory\"]},{\"url\":\"https://patchstack.com/database/vulnerability/woovirtualwallet/wordpress-woovirtualwallet-plugin-2-2-1-server-side-request-forgery-ssrf?_s_id=cve\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Third Party Advisory\"]},{\"url\":\"https://patchstack.com/database/vulnerability/wp-amo/wordpress-amo-for-wp-plugin-4-6-6-server-side-request-forgery-ssrf?_s_id=cve\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Third Party Advisory\"]},{\"url\":\"https://patchstack.com/database/vulnerability/wpopal-core-features/wordpress-wpopal-core-features-plugin-1-5-7-server-side-request-forgery-ssrf?_s_id=cve\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Third Party Advisory\"]}]}}",
    "vulnrichment": {
      "containers": "{\"adp\": [{\"title\": \"CVE Program Container\", \"references\": [{\"url\": \"https://patchstack.com/database/vulnerability/montonio-for-woocommerce/wordpress-montonio-for-woocommerce-plugin-6-0-1-server-side-request-forgery-ssrf?_s_id=cve\", \"tags\": [\"vdb-entry\", \"x_transferred\"]}, {\"url\": \"https://patchstack.com/database/vulnerability/wpopal-core-features/wordpress-wpopal-core-features-plugin-1-5-7-server-side-request-forgery-ssrf?_s_id=cve\", \"tags\": [\"vdb-entry\", \"x_transferred\"]}, {\"url\": \"https://patchstack.com/database/vulnerability/wp-amo/wordpress-amo-for-wp-plugin-4-6-6-server-side-request-forgery-ssrf?_s_id=cve\", \"tags\": [\"vdb-entry\", \"x_transferred\"]}, {\"url\": \"https://patchstack.com/database/vulnerability/woovirtualwallet/wordpress-woovirtualwallet-plugin-2-2-1-server-side-request-forgery-ssrf?_s_id=cve\", \"tags\": [\"vdb-entry\", \"x_transferred\"]}, {\"url\": \"https://patchstack.com/database/vulnerability/woovip/wordpress-woovip-plugin-1-4-4-server-side-request-forgery-ssrf?_s_id=cve\", \"tags\": [\"vdb-entry\", \"x_transferred\"]}, {\"url\": \"https://patchstack.com/database/vulnerability/woosupply/wordpress-woosupply-plugin-1-2-2-server-side-request-forgery-ssrf?_s_id=cve\", \"tags\": [\"vdb-entry\", \"x_transferred\"]}, {\"url\": \"https://patchstack.com/database/vulnerability/theme-minifier/wordpress-theme-minifier-plugin-2-0-server-side-request-forgery-ssrf?_s_id=cve\", \"tags\": [\"vdb-entry\", \"x_transferred\"]}, {\"url\": \"https://patchstack.com/database/vulnerability/styles/wordpress-styles-plugin-1-2-3-server-side-request-forgery-ssrf?_s_id=cve\", \"tags\": [\"vdb-entry\", \"x_transferred\"]}, {\"url\": \"https://patchstack.com/database/vulnerability/qards-free/wordpress-wordpress-page-builder-qards-plugin-1-0-5-server-side-request-forgery-ssrf?_s_id=cve\", \"tags\": [\"vdb-entry\", \"x_transferred\"]}, {\"url\": \"https://patchstack.com/database/vulnerability/phpfreechat/wordpress-phpfreechat-plugin-0-2-8-server-side-request-forgery-ssrf?_s_id=cve\", \"tags\": [\"vdb-entry\", \"x_transferred\"]}, {\"url\": \"https://patchstack.com/database/vulnerability/custom-login-admin-front-end-css-with-multisite-support/wordpress-custom-login-admin-front-end-css-plugin-1-4-1-server-side-request-forgery-ssrf?_s_id=cve\", \"tags\": [\"vdb-entry\", \"x_transferred\"]}, {\"url\": \"https://patchstack.com/database/vulnerability/css-adder-by-agence-press/wordpress-css-adder-by-agene-press-plugin-1-5-0-server-side-request-forgery-ssrf?_s_id=cve\", \"tags\": [\"vdb-entry\", \"x_transferred\"]}, {\"url\": \"https://patchstack.com/database/vulnerability/confirm-data/wordpress-confirm-data-plugin-1-0-7-unauth-server-side-request-forgery-ssrf-vulnerability?_s_id=cve\", \"tags\": [\"vdb-entry\", \"x_transferred\"]}, {\"url\": \"https://patchstack.com/database/vulnerability/amp-toolbox/wordpress-amp-toolbox-plugin-2-1-1-server-side-request-forgery-ssrf?_s_id=cve\", \"tags\": [\"vdb-entry\", \"x_transferred\"]}, {\"url\": \"https://patchstack.com/database/vulnerability/admin-css-mu/wordpress-admin-css-mu-plugin-2-6-server-side-request-forgery-ssrf-vulnerability?_s_id=cve\", \"tags\": [\"vdb-entry\", \"x_transferred\"]}], \"providerMetadata\": {\"orgId\": \"af854a3a-2127-422b-91ae-364da2661108\", \"shortName\": \"CVE\", \"dateUpdated\": \"2024-08-03T12:21:46.616Z\"}}, {\"title\": \"CISA ADP Vulnrichment\", \"metrics\": [{\"other\": {\"type\": \"ssvc\", \"content\": {\"id\": \"CVE-2022-40700\", \"role\": \"CISA Coordinator\", \"options\": [{\"Exploitation\": \"none\"}, {\"Automatable\": \"yes\"}, {\"Technical Impact\": \"total\"}], \"version\": \"2.0.3\", \"timestamp\": \"2024-11-13T17:39:55.482326Z\"}}}], \"providerMetadata\": {\"orgId\": \"134c704f-9b21-4f2e-91b3-4a467353bcc0\", \"shortName\": \"CISA-ADP\", \"dateUpdated\": \"2024-11-13T17:40:03.390Z\"}}], \"cna\": {\"title\": \"Server Side Request Forgery (SSRF) vulnerability affecting multiple WordPress plugins\", \"source\": {\"discovery\": \"EXTERNAL\"}, \"credits\": [{\"lang\": \"en\", \"type\": \"finder\", \"user\": \"00000000-0000-4000-9000-000000000000\", \"value\": \"Dave Jong (Patchstack)\"}], \"metrics\": [{\"format\": \"CVSS\", \"cvssV3_1\": {\"scope\": \"UNCHANGED\", \"version\": \"3.1\", \"baseScore\": 8.2, \"attackVector\": \"NETWORK\", \"baseSeverity\": \"HIGH\", \"vectorString\": \"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:L/A:N\", \"integrityImpact\": \"LOW\", \"userInteraction\": \"NONE\", \"attackComplexity\": \"LOW\", \"availabilityImpact\": \"NONE\", \"privilegesRequired\": \"NONE\", \"confidentialityImpact\": \"HIGH\"}, \"scenarios\": [{\"lang\": \"en\", \"value\": \"GENERAL\"}]}], \"affected\": [{\"vendor\": \"Montonio\", \"product\": \"Montonio for WooCommerce\", \"versions\": [{\"status\": \"affected\", \"changes\": [{\"at\": \"6.0.2\", \"status\": \"unaffected\"}], \"version\": \"n/a\", \"versionType\": \"custom\", \"lessThanOrEqual\": \"6.0.1\"}], \"packageName\": \"montonio-for-woocommerce\", \"collectionURL\": \"https://wordpress.org/plugins\", \"defaultStatus\": \"unaffected\"}, {\"vendor\": \"Wpopal\", \"product\": \"Wpopal Core Features\", \"versions\": [{\"status\": \"affected\", \"version\": \"n/a\", \"versionType\": \"custom\", \"lessThanOrEqual\": \"1.5.8\"}], \"packageName\": \"wpopal-core-features\", \"collectionURL\": \"https://wordpress.org/plugins\", \"defaultStatus\": \"unaffected\"}, {\"vendor\": \"AMO for WP \\u2013 Membership Management\", \"product\": \"ArcStone\", \"versions\": [{\"status\": \"affected\", \"version\": \"n/a\", \"versionType\": \"custom\", \"lessThanOrEqual\": \"4.6.6\"}], \"packageName\": \"wp-amo\", \"collectionURL\": \"https://wordpress.org/plugins\", \"defaultStatus\": \"unaffected\"}, {\"vendor\": \"Long Watch Studio\", \"product\": \"WooVirtualWallet \\u2013 A virtual wallet for WooCommerce\", \"versions\": [{\"status\": \"affected\", \"version\": \"n/a\", \"versionType\": \"custom\", \"lessThanOrEqual\": \"2.2.1\"}], \"packageName\": \"woovirtualwallet\", \"collectionURL\": \"https://wordpress.org/plugins\", \"defaultStatus\": \"unaffected\"}, {\"vendor\": \"Long Watch Studio\", \"product\": \"WooVIP \\u2013 Membership plugin for WordPress and WooCommerce\", \"versions\": [{\"status\": \"affected\", \"version\": \"n/a\", \"versionType\": \"custom\", \"lessThanOrEqual\": \"1.4.4\"}], \"packageName\": \"woovip\", \"collectionURL\": \"https://wordpress.org/plugins\", \"defaultStatus\": \"unaffected\"}, {\"vendor\": \"Long Watch Studio\", \"product\": \"WooSupply \\u2013 Suppliers, Supply Orders and Stock Management\", \"versions\": [{\"status\": \"affected\", \"version\": \"n/a\", \"versionType\": \"custom\", \"lessThanOrEqual\": \"1.2.2\"}], \"packageName\": \"woosupply\", \"collectionURL\": \"https://wordpress.org/plugins\", \"defaultStatus\": \"unaffected\"}, {\"vendor\": \"Squidesma\", \"product\": \"Theme Minifier\", \"versions\": [{\"status\": \"affected\", \"version\": \"n/a\", \"versionType\": \"custom\", \"lessThanOrEqual\": \"2.0\"}], \"packageName\": \"theme-minifier\", \"collectionURL\": \"https://wordpress.org/plugins\", \"defaultStatus\": \"unaffected\"}, {\"vendor\": \"Paul Clark\", \"product\": \"Styles\", \"versions\": [{\"status\": \"affected\", \"version\": \"n/a\", \"versionType\": \"custom\", \"lessThanOrEqual\": \"1.2.3\"}], \"packageName\": \"styles\", \"collectionURL\": \"https://wordpress.org/plugins\", \"defaultStatus\": \"unaffected\"}, {\"vendor\": \"Designmodo Inc.\", \"product\": \"WordPress Page Builder \\u2013 Qards\", \"versions\": [{\"status\": \"affected\", \"version\": \"n/a\", \"versionType\": \"custom\", \"lessThanOrEqual\": \"1.0.5\"}], \"packageName\": \"qards-free\", \"collectionURL\": \"https://wordpress.org/plugins\", \"defaultStatus\": \"unaffected\"}, {\"vendor\": \"Philip M. Hofer (Frumph)\", \"product\": \"PHPFreeChat\", \"versions\": [{\"status\": \"affected\", \"version\": \"n/a\", \"versionType\": \"custom\", \"lessThanOrEqual\": \"0.2.8\"}], \"packageName\": \"phpfreechat\", \"collectionURL\": \"https://wordpress.org/plugins\", \"defaultStatus\": \"unaffected\"}, {\"vendor\": \"Arun Basil Lal\", \"product\": \"Custom Login Admin Front-end CSS\", \"versions\": [{\"status\": \"affected\", \"changes\": [{\"at\": \"1.5\", \"status\": \"unaffected\"}], \"version\": \"n/a\", \"versionType\": \"custom\", \"lessThanOrEqual\": \"1.4.1\"}], \"packageName\": \"custom-login-admin-front-end-css-with-multisite-support\", \"collectionURL\": \"https://wordpress.org/plugins\", \"defaultStatus\": \"unaffected\"}, {\"vendor\": \"Team Agence-Press\", \"product\": \"CSS Adder By Agence-Press\", \"versions\": [{\"status\": \"affected\", \"version\": \"n/a\", \"versionType\": \"custom\", \"lessThanOrEqual\": \"1.5.0\"}], \"packageName\": \"css-adder-by-agence-press\", \"collectionURL\": \"https://wordpress.org/plugins\", \"defaultStatus\": \"unaffected\"}, {\"vendor\": \"Unihost\", \"product\": \"Confirm Data\", \"versions\": [{\"status\": \"affected\", \"version\": \"n/a\", \"versionType\": \"custom\", \"lessThanOrEqual\": \"1.0.7\"}], \"packageName\": \"confirm-data\", \"collectionURL\": \"https://wordpress.org/plugins\", \"defaultStatus\": \"unaffected\"}, {\"vendor\": \"deano1987\", \"product\": \"AMP Toolbox\", \"versions\": [{\"status\": \"affected\", \"version\": \"n/a\", \"versionType\": \"custom\", \"lessThanOrEqual\": \"2.1.1\"}], \"packageName\": \"amp-toolbox\", \"collectionURL\": \"https://wordpress.org/plugins\", \"defaultStatus\": \"unaffected\"}, {\"vendor\": \"Arun Basil Lal\", \"product\": \"Admin CSS MU\", \"versions\": [{\"status\": \"affected\", \"changes\": [{\"at\": \"2.7\", \"status\": \"unaffected\"}], \"version\": \"n/a\", \"versionType\": \"custom\", \"lessThanOrEqual\": \"2.6\"}], \"packageName\": \"admin-css-mu\", \"collectionURL\": \"https://wordpress.org/plugins\", \"defaultStatus\": \"unaffected\"}], \"solutions\": [{\"lang\": \"en\", \"value\": \"Update Montonio for WooCommerce to 6.0.2 or a higher version.\\nUpdate Custom Login Admin Front-end CSS to 1.5 or a higher version.\\nUpdate Admin CSS MU to 2.7 or a higher version\\n\", \"supportingMedia\": [{\"type\": \"text/html\", \"value\": \"Update Montonio for WooCommerce to 6.0.2 or a higher version.\u003cbr\u003eUpdate Custom Login Admin Front-end CSS to 1.5 or a higher version.\u003cbr\u003eUpdate Admin CSS MU to 2.7 or a higher version\u003cbr\u003e\", \"base64\": false}]}], \"references\": [{\"url\": \"https://patchstack.com/database/vulnerability/montonio-for-woocommerce/wordpress-montonio-for-woocommerce-plugin-6-0-1-server-side-request-forgery-ssrf?_s_id=cve\", \"tags\": [\"vdb-entry\"]}, {\"url\": \"https://patchstack.com/database/vulnerability/wpopal-core-features/wordpress-wpopal-core-features-plugin-1-5-7-server-side-request-forgery-ssrf?_s_id=cve\", \"tags\": [\"vdb-entry\"]}, {\"url\": \"https://patchstack.com/database/vulnerability/wp-amo/wordpress-amo-for-wp-plugin-4-6-6-server-side-request-forgery-ssrf?_s_id=cve\", \"tags\": [\"vdb-entry\"]}, {\"url\": \"https://patchstack.com/database/vulnerability/woovirtualwallet/wordpress-woovirtualwallet-plugin-2-2-1-server-side-request-forgery-ssrf?_s_id=cve\", \"tags\": [\"vdb-entry\"]}, {\"url\": \"https://patchstack.com/database/vulnerability/woovip/wordpress-woovip-plugin-1-4-4-server-side-request-forgery-ssrf?_s_id=cve\", \"tags\": [\"vdb-entry\"]}, {\"url\": \"https://patchstack.com/database/vulnerability/woosupply/wordpress-woosupply-plugin-1-2-2-server-side-request-forgery-ssrf?_s_id=cve\", \"tags\": [\"vdb-entry\"]}, {\"url\": \"https://patchstack.com/database/vulnerability/theme-minifier/wordpress-theme-minifier-plugin-2-0-server-side-request-forgery-ssrf?_s_id=cve\", \"tags\": [\"vdb-entry\"]}, {\"url\": \"https://patchstack.com/database/vulnerability/styles/wordpress-styles-plugin-1-2-3-server-side-request-forgery-ssrf?_s_id=cve\", \"tags\": [\"vdb-entry\"]}, {\"url\": \"https://patchstack.com/database/vulnerability/qards-free/wordpress-wordpress-page-builder-qards-plugin-1-0-5-server-side-request-forgery-ssrf?_s_id=cve\", \"tags\": [\"vdb-entry\"]}, {\"url\": \"https://patchstack.com/database/vulnerability/phpfreechat/wordpress-phpfreechat-plugin-0-2-8-server-side-request-forgery-ssrf?_s_id=cve\", \"tags\": [\"vdb-entry\"]}, {\"url\": \"https://patchstack.com/database/vulnerability/custom-login-admin-front-end-css-with-multisite-support/wordpress-custom-login-admin-front-end-css-plugin-1-4-1-server-side-request-forgery-ssrf?_s_id=cve\", \"tags\": [\"vdb-entry\"]}, {\"url\": \"https://patchstack.com/database/vulnerability/css-adder-by-agence-press/wordpress-css-adder-by-agene-press-plugin-1-5-0-server-side-request-forgery-ssrf?_s_id=cve\", \"tags\": [\"vdb-entry\"]}, {\"url\": \"https://patchstack.com/database/vulnerability/confirm-data/wordpress-confirm-data-plugin-1-0-7-unauth-server-side-request-forgery-ssrf-vulnerability?_s_id=cve\", \"tags\": [\"vdb-entry\"]}, {\"url\": \"https://patchstack.com/database/vulnerability/amp-toolbox/wordpress-amp-toolbox-plugin-2-1-1-server-side-request-forgery-ssrf?_s_id=cve\", \"tags\": [\"vdb-entry\"]}, {\"url\": \"https://patchstack.com/database/vulnerability/admin-css-mu/wordpress-admin-css-mu-plugin-2-6-server-side-request-forgery-ssrf-vulnerability?_s_id=cve\", \"tags\": [\"vdb-entry\"]}], \"x_generator\": {\"engine\": \"Vulnogram 0.1.0-dev\"}, \"descriptions\": [{\"lang\": \"en\", \"value\": \"Server-Side Request Forgery (SSRF) vulnerability in Montonio Montonio for WooCommerce, Wpopal Wpopal Core Features, AMO for WP \\u2013 Membership Management ArcStone wp-amo, Long Watch Studio WooVirtualWallet \\u2013 A virtual wallet for WooCommerce, Long Watch Studio WooVIP \\u2013 Membership plugin for WordPress and WooCommerce, Long Watch Studio WooSupply \\u2013 Suppliers, Supply Orders and Stock Management, Squidesma Theme Minifier, Paul Clark Styles styles, Designmodo Inc. WordPress Page Builder \\u2013 Qards, Philip M. Hofer (Frumph) PHPFreeChat, Arun Basil Lal Custom Login Admin Front-end CSS, Team Agence-Press CSS Adder By Agence-Press, Unihost Confirm Data, deano1987 AMP Toolbox amp-toolbox, Arun Basil Lal Admin CSS MU.This issue affects Montonio for WooCommerce: from n/a through 6.0.1; Wpopal Core Features: from n/a through 1.5.8; ArcStone: from n/a through 4.6.6; WooVirtualWallet \\u2013 A virtual wallet for WooCommerce: from n/a through 2.2.1; WooVIP \\u2013 Membership plugin for WordPress and WooCommerce: from n/a through 1.4.4; WooSupply \\u2013 Suppliers, Supply Orders and Stock Management: from n/a through 1.2.2; Theme Minifier: from n/a through 2.0; Styles: from n/a through 1.2.3; WordPress Page Builder \\u2013 Qards: from n/a through 1.0.5; PHPFreeChat: from n/a through 0.2.8; Custom Login Admin Front-end CSS: from n/a through 1.4.1; CSS Adder By Agence-Press: from n/a through 1.5.0; Confirm Data: from n/a through 1.0.7; AMP Toolbox: from n/a through 2.1.1; Admin CSS MU: from n/a through 2.6.\\n\\n\", \"supportingMedia\": [{\"type\": \"text/html\", \"value\": \"Server-Side Request Forgery (SSRF) vulnerability in Montonio Montonio for WooCommerce, Wpopal Wpopal Core Features, AMO for WP \\u2013 Membership Management ArcStone wp-amo, Long Watch Studio WooVirtualWallet \\u2013 A virtual wallet for WooCommerce, Long Watch Studio WooVIP \\u2013 Membership plugin for WordPress and WooCommerce, Long Watch Studio WooSupply \\u2013 Suppliers, Supply Orders and Stock Management, Squidesma Theme Minifier, Paul Clark Styles styles, Designmodo Inc. WordPress Page Builder \\u2013 Qards, Philip M. Hofer (Frumph) PHPFreeChat, Arun Basil Lal Custom Login Admin Front-end CSS, Team Agence-Press CSS Adder By Agence-Press, Unihost Confirm Data, deano1987 AMP Toolbox amp-toolbox, Arun Basil Lal Admin CSS MU.\u003cp\u003eThis issue affects Montonio for WooCommerce: from n/a through 6.0.1; Wpopal Core Features: from n/a through 1.5.8; ArcStone: from n/a through 4.6.6; WooVirtualWallet \\u2013 A virtual wallet for WooCommerce: from n/a through 2.2.1; WooVIP \\u2013 Membership plugin for WordPress and WooCommerce: from n/a through 1.4.4; WooSupply \\u2013 Suppliers, Supply Orders and Stock Management: from n/a through 1.2.2; Theme Minifier: from n/a through 2.0; Styles: from n/a through 1.2.3; WordPress Page Builder \\u2013 Qards: from n/a through 1.0.5; PHPFreeChat: from n/a through 0.2.8; Custom Login Admin Front-end CSS: from n/a through 1.4.1; CSS Adder By Agence-Press: from n/a through 1.5.0; Confirm Data: from n/a through 1.0.7; AMP Toolbox: from n/a through 2.1.1; Admin CSS MU: from n/a through 2.6.\u003c/p\u003e\", \"base64\": false}]}], \"problemTypes\": [{\"descriptions\": [{\"lang\": \"en\", \"type\": \"CWE\", \"cweId\": \"CWE-918\", \"description\": \"CWE-918 Server-Side Request Forgery (SSRF)\"}]}], \"providerMetadata\": {\"orgId\": \"21595511-bba5-4825-b968-b78d1f9984a3\", \"shortName\": \"Patchstack\", \"dateUpdated\": \"2024-01-19T14:30:11.427Z\"}}}",
      "cveMetadata": "{\"cveId\": \"CVE-2022-40700\", \"state\": \"PUBLISHED\", \"dateUpdated\": \"2024-11-13T17:40:07.080Z\", \"dateReserved\": \"2022-09-27T08:42:32.033Z\", \"assignerOrgId\": \"21595511-bba5-4825-b968-b78d1f9984a3\", \"datePublished\": \"2024-01-19T14:30:11.427Z\", \"assignerShortName\": \"Patchstack\"}",
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }
  }
}

GHSA-3MV9-FMVF-XVMX

Vulnerability from github – Published: 2024-01-19 15:30 – Updated: 2024-01-31 00:30

Details

Severity ?

8.2 (High)


                  
                    CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:L/A:N

Show details on source website

JSON

To clipboard

{
  "affected": [],
  "aliases": [
    "CVE-2022-40700"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-918"
    ],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2024-01-19T15:15:08Z",
    "severity": "HIGH"
  },
  "details": "Server-Side Request Forgery (SSRF) vulnerability in Montonio Montonio for WooCommerce, Wpopal Wpopal Core Features, AMO for WP \u2013 Membership Management ArcStone wp-amo, Long Watch Studio WooVirtualWallet \u2013 A virtual wallet for WooCommerce, Long Watch Studio WooVIP \u2013 Membership plugin for WordPress and WooCommerce, Long Watch Studio WooSupply \u2013 Suppliers, Supply Orders and Stock Management, Squidesma Theme Minifier, Paul Clark Styles styles, Designmodo Inc. WordPress Page Builder \u2013 Qards, Philip M. Hofer (Frumph) PHPFreeChat, Arun Basil Lal Custom Login Admin Front-end CSS, Team Agence-Press CSS Adder By Agence-Press, Unihost Confirm Data, deano1987 AMP Toolbox amp-toolbox, Arun Basil Lal Admin CSS MU.This issue affects Montonio for WooCommerce: from n/a through 6.0.1; Wpopal Core Features: from n/a through 1.5.8; ArcStone: from n/a through 4.6.6; WooVirtualWallet \u2013 A virtual wallet for WooCommerce: from n/a through 2.2.1; WooVIP \u2013 Membership plugin for WordPress and WooCommerce: from n/a through 1.4.4; WooSupply \u2013 Suppliers, Supply Orders and Stock Management: from n/a through 1.2.2; Theme Minifier: from n/a through 2.0; Styles: from n/a through 1.2.3; WordPress Page Builder \u2013 Qards: from n/a through 1.0.5; PHPFreeChat: from n/a through 0.2.8; Custom Login Admin Front-end CSS: from n/a through 1.4.1; CSS Adder By Agence-Press: from n/a through 1.5.0; Confirm Data: from n/a through 1.0.7; AMP Toolbox: from n/a through 2.1.1; Admin CSS MU: from n/a through 2.6.\n\n",
  "id": "GHSA-3mv9-fmvf-xvmx",
  "modified": "2024-01-31T00:30:17Z",
  "published": "2024-01-19T15:30:20Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2022-40700"
    },
    {
      "type": "WEB",
      "url": "https://patchstack.com/database/vulnerability/admin-css-mu/wordpress-admin-css-mu-plugin-2-6-server-side-request-forgery-ssrf-vulnerability?_s_id=cve"
    },
    {
      "type": "WEB",
      "url": "https://patchstack.com/database/vulnerability/amp-toolbox/wordpress-amp-toolbox-plugin-2-1-1-server-side-request-forgery-ssrf?_s_id=cve"
    },
    {
      "type": "WEB",
      "url": "https://patchstack.com/database/vulnerability/confirm-data/wordpress-confirm-data-plugin-1-0-7-unauth-server-side-request-forgery-ssrf-vulnerability?_s_id=cve"
    },
    {
      "type": "WEB",
      "url": "https://patchstack.com/database/vulnerability/css-adder-by-agence-press/wordpress-css-adder-by-agene-press-plugin-1-5-0-server-side-request-forgery-ssrf?_s_id=cve"
    },
    {
      "type": "WEB",
      "url": "https://patchstack.com/database/vulnerability/custom-login-admin-front-end-css-with-multisite-support/wordpress-custom-login-admin-front-end-css-plugin-1-4-1-server-side-request-forgery-ssrf?_s_id=cve"
    },
    {
      "type": "WEB",
      "url": "https://patchstack.com/database/vulnerability/montonio-for-woocommerce/wordpress-montonio-for-woocommerce-plugin-6-0-1-server-side-request-forgery-ssrf?_s_id=cve"
    },
    {
      "type": "WEB",
      "url": "https://patchstack.com/database/vulnerability/phpfreechat/wordpress-phpfreechat-plugin-0-2-8-server-side-request-forgery-ssrf?_s_id=cve"
    },
    {
      "type": "WEB",
      "url": "https://patchstack.com/database/vulnerability/qards-free/wordpress-wordpress-page-builder-qards-plugin-1-0-5-server-side-request-forgery-ssrf?_s_id=cve"
    },
    {
      "type": "WEB",
      "url": "https://patchstack.com/database/vulnerability/styles/wordpress-styles-plugin-1-2-3-server-side-request-forgery-ssrf?_s_id=cve"
    },
    {
      "type": "WEB",
      "url": "https://patchstack.com/database/vulnerability/theme-minifier/wordpress-theme-minifier-plugin-2-0-server-side-request-forgery-ssrf?_s_id=cve"
    },
    {
      "type": "WEB",
      "url": "https://patchstack.com/database/vulnerability/woosupply/wordpress-woosupply-plugin-1-2-2-server-side-request-forgery-ssrf?_s_id=cve"
    },
    {
      "type": "WEB",
      "url": "https://patchstack.com/database/vulnerability/woovip/wordpress-woovip-plugin-1-4-4-server-side-request-forgery-ssrf?_s_id=cve"
    },
    {
      "type": "WEB",
      "url": "https://patchstack.com/database/vulnerability/woovirtualwallet/wordpress-woovirtualwallet-plugin-2-2-1-server-side-request-forgery-ssrf?_s_id=cve"
    },
    {
      "type": "WEB",
      "url": "https://patchstack.com/database/vulnerability/wp-amo/wordpress-amo-for-wp-plugin-4-6-6-server-side-request-forgery-ssrf?_s_id=cve"
    },
    {
      "type": "WEB",
      "url": "https://patchstack.com/database/vulnerability/wpopal-core-features/wordpress-wpopal-core-features-plugin-1-5-7-server-side-request-forgery-ssrf?_s_id=cve"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:L/A:N",
      "type": "CVSS_V3"
    }
  ]
}

GSD-2022-40700

Vulnerability from gsd - Updated: 2023-12-13 01:19

Details

Aliases

CVE-2022-40700

Aliases

CVE-2022-40700

JSON

To clipboard

{
  "GSD": {
    "alias": "CVE-2022-40700",
    "id": "GSD-2022-40700"
  },
  "gsd": {
    "metadata": {
      "exploitCode": "unknown",
      "remediation": "unknown",
      "reportConfidence": "confirmed",
      "type": "vulnerability"
    },
    "osvSchema": {
      "aliases": [
        "CVE-2022-40700"
      ],
      "details": "Server-Side Request Forgery (SSRF) vulnerability in Montonio Montonio for WooCommerce, Wpopal Wpopal Core Features, AMO for WP \u2013 Membership Management ArcStone wp-amo, Long Watch Studio WooVirtualWallet \u2013 A virtual wallet for WooCommerce, Long Watch Studio WooVIP \u2013 Membership plugin for WordPress and WooCommerce, Long Watch Studio WooSupply \u2013 Suppliers, Supply Orders and Stock Management, Squidesma Theme Minifier, Paul Clark Styles styles, Designmodo Inc. WordPress Page Builder \u2013 Qards, Philip M. Hofer (Frumph) PHPFreeChat, Arun Basil Lal Custom Login Admin Front-end CSS, Team Agence-Press CSS Adder By Agence-Press, Unihost Confirm Data, deano1987 AMP Toolbox amp-toolbox, Arun Basil Lal Admin CSS MU.This issue affects Montonio for WooCommerce: from n/a through 6.0.1; Wpopal Core Features: from n/a through 1.5.8; ArcStone: from n/a through 4.6.6; WooVirtualWallet \u2013 A virtual wallet for WooCommerce: from n/a through 2.2.1; WooVIP \u2013 Membership plugin for WordPress and WooCommerce: from n/a through 1.4.4; WooSupply \u2013 Suppliers, Supply Orders and Stock Management: from n/a through 1.2.2; Theme Minifier: from n/a through 2.0; Styles: from n/a through 1.2.3; WordPress Page Builder \u2013 Qards: from n/a through 1.0.5; PHPFreeChat: from n/a through 0.2.8; Custom Login Admin Front-end CSS: from n/a through 1.4.1; CSS Adder By Agence-Press: from n/a through 1.5.0; Confirm Data: from n/a through 1.0.7; AMP Toolbox: from n/a through 2.1.1; Admin CSS MU: from n/a through 2.6.\n\n",
      "id": "GSD-2022-40700",
      "modified": "2023-12-13T01:19:30.525244Z",
      "schema_version": "1.4.0"
    }
  },
  "namespaces": {
    "cve.org": {
      "CVE_data_meta": {
        "ASSIGNER": "audit@patchstack.com",
        "ID": "CVE-2022-40700",
        "STATE": "PUBLIC"
      },
      "affects": {
        "vendor": {
          "vendor_data": [
            {
              "product": {
                "product_data": [
                  {
                    "product_name": "Montonio for WooCommerce",
                    "version": {
                      "version_data": [
                        {
                          "version_value": "not down converted",
                          "x_cve_json_5_version_data": {
                            "defaultStatus": "unaffected",
                            "versions": [
                              {
                                "changes": [
                                  {
                                    "at": "6.0.2",
                                    "status": "unaffected"
                                  }
                                ],
                                "lessThanOrEqual": "6.0.1",
                                "status": "affected",
                                "version": "n/a",
                                "versionType": "custom"
                              }
                            ]
                          }
                        }
                      ]
                    }
                  }
                ]
              },
              "vendor_name": "Montonio"
            },
            {
              "product": {
                "product_data": [
                  {
                    "product_name": "Wpopal Core Features",
                    "version": {
                      "version_data": [
                        {
                          "version_affected": "\u003c=",
                          "version_name": "n/a",
                          "version_value": "1.5.8"
                        }
                      ]
                    }
                  }
                ]
              },
              "vendor_name": "Wpopal"
            },
            {
              "product": {
                "product_data": [
                  {
                    "product_name": "ArcStone",
                    "version": {
                      "version_data": [
                        {
                          "version_affected": "\u003c=",
                          "version_name": "n/a",
                          "version_value": "4.6.6"
                        }
                      ]
                    }
                  }
                ]
              },
              "vendor_name": "AMO for WP \u2013 Membership Management"
            },
            {
              "product": {
                "product_data": [
                  {
                    "product_name": "WooVirtualWallet \u2013 A virtual wallet for WooCommerce",
                    "version": {
                      "version_data": [
                        {
                          "version_affected": "\u003c=",
                          "version_name": "n/a",
                          "version_value": "2.2.1"
                        }
                      ]
                    }
                  },
                  {
                    "product_name": "WooVIP \u2013 Membership plugin for WordPress and WooCommerce",
                    "version": {
                      "version_data": [
                        {
                          "version_affected": "\u003c=",
                          "version_name": "n/a",
                          "version_value": "1.4.4"
                        }
                      ]
                    }
                  },
                  {
                    "product_name": "WooSupply \u2013 Suppliers, Supply Orders and Stock Management",
                    "version": {
                      "version_data": [
                        {
                          "version_affected": "\u003c=",
                          "version_name": "n/a",
                          "version_value": "1.2.2"
                        }
                      ]
                    }
                  }
                ]
              },
              "vendor_name": "Long Watch Studio"
            },
            {
              "product": {
                "product_data": [
                  {
                    "product_name": "Theme Minifier",
                    "version": {
                      "version_data": [
                        {
                          "version_affected": "\u003c=",
                          "version_name": "n/a",
                          "version_value": "2.0"
                        }
                      ]
                    }
                  }
                ]
              },
              "vendor_name": "Squidesma"
            },
            {
              "product": {
                "product_data": [
                  {
                    "product_name": "Styles",
                    "version": {
                      "version_data": [
                        {
                          "version_affected": "\u003c=",
                          "version_name": "n/a",
                          "version_value": "1.2.3"
                        }
                      ]
                    }
                  }
                ]
              },
              "vendor_name": "Paul Clark"
            },
            {
              "product": {
                "product_data": [
                  {
                    "product_name": "WordPress Page Builder \u2013 Qards",
                    "version": {
                      "version_data": [
                        {
                          "version_affected": "\u003c=",
                          "version_name": "n/a",
                          "version_value": "1.0.5"
                        }
                      ]
                    }
                  }
                ]
              },
              "vendor_name": "Designmodo Inc."
            },
            {
              "product": {
                "product_data": [
                  {
                    "product_name": "PHPFreeChat",
                    "version": {
                      "version_data": [
                        {
                          "version_affected": "\u003c=",
                          "version_name": "n/a",
                          "version_value": "0.2.8"
                        }
                      ]
                    }
                  }
                ]
              },
              "vendor_name": "Philip M. Hofer (Frumph)"
            },
            {
              "product": {
                "product_data": [
                  {
                    "product_name": "Custom Login Admin Front-end CSS",
                    "version": {
                      "version_data": [
                        {
                          "version_value": "not down converted",
                          "x_cve_json_5_version_data": {
                            "defaultStatus": "unaffected",
                            "versions": [
                              {
                                "changes": [
                                  {
                                    "at": "1.5",
                                    "status": "unaffected"
                                  }
                                ],
                                "lessThanOrEqual": "1.4.1",
                                "status": "affected",
                                "version": "n/a",
                                "versionType": "custom"
                              }
                            ]
                          }
                        }
                      ]
                    }
                  },
                  {
                    "product_name": "Admin CSS MU",
                    "version": {
                      "version_data": [
                        {
                          "version_value": "not down converted",
                          "x_cve_json_5_version_data": {
                            "defaultStatus": "unaffected",
                            "versions": [
                              {
                                "changes": [
                                  {
                                    "at": "2.7",
                                    "status": "unaffected"
                                  }
                                ],
                                "lessThanOrEqual": "2.6",
                                "status": "affected",
                                "version": "n/a",
                                "versionType": "custom"
                              }
                            ]
                          }
                        }
                      ]
                    }
                  }
                ]
              },
              "vendor_name": "Arun Basil Lal"
            },
            {
              "product": {
                "product_data": [
                  {
                    "product_name": "CSS Adder By Agence-Press",
                    "version": {
                      "version_data": [
                        {
                          "version_affected": "\u003c=",
                          "version_name": "n/a",
                          "version_value": "1.5.0"
                        }
                      ]
                    }
                  }
                ]
              },
              "vendor_name": "Team Agence-Press"
            },
            {
              "product": {
                "product_data": [
                  {
                    "product_name": "Confirm Data",
                    "version": {
                      "version_data": [
                        {
                          "version_affected": "\u003c=",
                          "version_name": "n/a",
                          "version_value": "1.0.7"
                        }
                      ]
                    }
                  }
                ]
              },
              "vendor_name": "Unihost"
            },
            {
              "product": {
                "product_data": [
                  {
                    "product_name": "AMP Toolbox",
                    "version": {
                      "version_data": [
                        {
                          "version_affected": "\u003c=",
                          "version_name": "n/a",
                          "version_value": "2.1.1"
                        }
                      ]
                    }
                  }
                ]
              },
              "vendor_name": "deano1987"
            }
          ]
        }
      },
      "credits": [
        {
          "lang": "en",
          "value": "Dave Jong (Patchstack)"
        }
      ],
      "data_format": "MITRE",
      "data_type": "CVE",
      "data_version": "4.0",
      "description": {
        "description_data": [
          {
            "lang": "eng",
            "value": "Server-Side Request Forgery (SSRF) vulnerability in Montonio Montonio for WooCommerce, Wpopal Wpopal Core Features, AMO for WP \u2013 Membership Management ArcStone wp-amo, Long Watch Studio WooVirtualWallet \u2013 A virtual wallet for WooCommerce, Long Watch Studio WooVIP \u2013 Membership plugin for WordPress and WooCommerce, Long Watch Studio WooSupply \u2013 Suppliers, Supply Orders and Stock Management, Squidesma Theme Minifier, Paul Clark Styles styles, Designmodo Inc. WordPress Page Builder \u2013 Qards, Philip M. Hofer (Frumph) PHPFreeChat, Arun Basil Lal Custom Login Admin Front-end CSS, Team Agence-Press CSS Adder By Agence-Press, Unihost Confirm Data, deano1987 AMP Toolbox amp-toolbox, Arun Basil Lal Admin CSS MU.This issue affects Montonio for WooCommerce: from n/a through 6.0.1; Wpopal Core Features: from n/a through 1.5.8; ArcStone: from n/a through 4.6.6; WooVirtualWallet \u2013 A virtual wallet for WooCommerce: from n/a through 2.2.1; WooVIP \u2013 Membership plugin for WordPress and WooCommerce: from n/a through 1.4.4; WooSupply \u2013 Suppliers, Supply Orders and Stock Management: from n/a through 1.2.2; Theme Minifier: from n/a through 2.0; Styles: from n/a through 1.2.3; WordPress Page Builder \u2013 Qards: from n/a through 1.0.5; PHPFreeChat: from n/a through 0.2.8; Custom Login Admin Front-end CSS: from n/a through 1.4.1; CSS Adder By Agence-Press: from n/a through 1.5.0; Confirm Data: from n/a through 1.0.7; AMP Toolbox: from n/a through 2.1.1; Admin CSS MU: from n/a through 2.6.\n\n"
          }
        ]
      },
      "generator": {
        "engine": "Vulnogram 0.1.0-dev"
      },
      "impact": {
        "cvss": [
          {
            "attackComplexity": "LOW",
            "attackVector": "NETWORK",
            "availabilityImpact": "NONE",
            "baseScore": 8.2,
            "baseSeverity": "HIGH",
            "confidentialityImpact": "HIGH",
            "integrityImpact": "LOW",
            "privilegesRequired": "NONE",
            "scope": "UNCHANGED",
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:L/A:N",
            "version": "3.1"
          }
        ]
      },
      "problemtype": {
        "problemtype_data": [
          {
            "description": [
              {
                "cweId": "CWE-918",
                "lang": "eng",
                "value": "CWE-918 Server-Side Request Forgery (SSRF)"
              }
            ]
          }
        ]
      },
      "references": {
        "reference_data": [
          {
            "name": "https://patchstack.com/database/vulnerability/montonio-for-woocommerce/wordpress-montonio-for-woocommerce-plugin-6-0-1-server-side-request-forgery-ssrf?_s_id=cve",
            "refsource": "MISC",
            "url": "https://patchstack.com/database/vulnerability/montonio-for-woocommerce/wordpress-montonio-for-woocommerce-plugin-6-0-1-server-side-request-forgery-ssrf?_s_id=cve"
          },
          {
            "name": "https://patchstack.com/database/vulnerability/wpopal-core-features/wordpress-wpopal-core-features-plugin-1-5-7-server-side-request-forgery-ssrf?_s_id=cve",
            "refsource": "MISC",
            "url": "https://patchstack.com/database/vulnerability/wpopal-core-features/wordpress-wpopal-core-features-plugin-1-5-7-server-side-request-forgery-ssrf?_s_id=cve"
          },
          {
            "name": "https://patchstack.com/database/vulnerability/wp-amo/wordpress-amo-for-wp-plugin-4-6-6-server-side-request-forgery-ssrf?_s_id=cve",
            "refsource": "MISC",
            "url": "https://patchstack.com/database/vulnerability/wp-amo/wordpress-amo-for-wp-plugin-4-6-6-server-side-request-forgery-ssrf?_s_id=cve"
          },
          {
            "name": "https://patchstack.com/database/vulnerability/woovirtualwallet/wordpress-woovirtualwallet-plugin-2-2-1-server-side-request-forgery-ssrf?_s_id=cve",
            "refsource": "MISC",
            "url": "https://patchstack.com/database/vulnerability/woovirtualwallet/wordpress-woovirtualwallet-plugin-2-2-1-server-side-request-forgery-ssrf?_s_id=cve"
          },
          {
            "name": "https://patchstack.com/database/vulnerability/woovip/wordpress-woovip-plugin-1-4-4-server-side-request-forgery-ssrf?_s_id=cve",
            "refsource": "MISC",
            "url": "https://patchstack.com/database/vulnerability/woovip/wordpress-woovip-plugin-1-4-4-server-side-request-forgery-ssrf?_s_id=cve"
          },
          {
            "name": "https://patchstack.com/database/vulnerability/woosupply/wordpress-woosupply-plugin-1-2-2-server-side-request-forgery-ssrf?_s_id=cve",
            "refsource": "MISC",
            "url": "https://patchstack.com/database/vulnerability/woosupply/wordpress-woosupply-plugin-1-2-2-server-side-request-forgery-ssrf?_s_id=cve"
          },
          {
            "name": "https://patchstack.com/database/vulnerability/theme-minifier/wordpress-theme-minifier-plugin-2-0-server-side-request-forgery-ssrf?_s_id=cve",
            "refsource": "MISC",
            "url": "https://patchstack.com/database/vulnerability/theme-minifier/wordpress-theme-minifier-plugin-2-0-server-side-request-forgery-ssrf?_s_id=cve"
          },
          {
            "name": "https://patchstack.com/database/vulnerability/styles/wordpress-styles-plugin-1-2-3-server-side-request-forgery-ssrf?_s_id=cve",
            "refsource": "MISC",
            "url": "https://patchstack.com/database/vulnerability/styles/wordpress-styles-plugin-1-2-3-server-side-request-forgery-ssrf?_s_id=cve"
          },
          {
            "name": "https://patchstack.com/database/vulnerability/qards-free/wordpress-wordpress-page-builder-qards-plugin-1-0-5-server-side-request-forgery-ssrf?_s_id=cve",
            "refsource": "MISC",
            "url": "https://patchstack.com/database/vulnerability/qards-free/wordpress-wordpress-page-builder-qards-plugin-1-0-5-server-side-request-forgery-ssrf?_s_id=cve"
          },
          {
            "name": "https://patchstack.com/database/vulnerability/phpfreechat/wordpress-phpfreechat-plugin-0-2-8-server-side-request-forgery-ssrf?_s_id=cve",
            "refsource": "MISC",
            "url": "https://patchstack.com/database/vulnerability/phpfreechat/wordpress-phpfreechat-plugin-0-2-8-server-side-request-forgery-ssrf?_s_id=cve"
          },
          {
            "name": "https://patchstack.com/database/vulnerability/custom-login-admin-front-end-css-with-multisite-support/wordpress-custom-login-admin-front-end-css-plugin-1-4-1-server-side-request-forgery-ssrf?_s_id=cve",
            "refsource": "MISC",
            "url": "https://patchstack.com/database/vulnerability/custom-login-admin-front-end-css-with-multisite-support/wordpress-custom-login-admin-front-end-css-plugin-1-4-1-server-side-request-forgery-ssrf?_s_id=cve"
          },
          {
            "name": "https://patchstack.com/database/vulnerability/css-adder-by-agence-press/wordpress-css-adder-by-agene-press-plugin-1-5-0-server-side-request-forgery-ssrf?_s_id=cve",
            "refsource": "MISC",
            "url": "https://patchstack.com/database/vulnerability/css-adder-by-agence-press/wordpress-css-adder-by-agene-press-plugin-1-5-0-server-side-request-forgery-ssrf?_s_id=cve"
          },
          {
            "name": "https://patchstack.com/database/vulnerability/confirm-data/wordpress-confirm-data-plugin-1-0-7-unauth-server-side-request-forgery-ssrf-vulnerability?_s_id=cve",
            "refsource": "MISC",
            "url": "https://patchstack.com/database/vulnerability/confirm-data/wordpress-confirm-data-plugin-1-0-7-unauth-server-side-request-forgery-ssrf-vulnerability?_s_id=cve"
          },
          {
            "name": "https://patchstack.com/database/vulnerability/amp-toolbox/wordpress-amp-toolbox-plugin-2-1-1-server-side-request-forgery-ssrf?_s_id=cve",
            "refsource": "MISC",
            "url": "https://patchstack.com/database/vulnerability/amp-toolbox/wordpress-amp-toolbox-plugin-2-1-1-server-side-request-forgery-ssrf?_s_id=cve"
          },
          {
            "name": "https://patchstack.com/database/vulnerability/admin-css-mu/wordpress-admin-css-mu-plugin-2-6-server-side-request-forgery-ssrf-vulnerability?_s_id=cve",
            "refsource": "MISC",
            "url": "https://patchstack.com/database/vulnerability/admin-css-mu/wordpress-admin-css-mu-plugin-2-6-server-side-request-forgery-ssrf-vulnerability?_s_id=cve"
          }
        ]
      },
      "solution": [
        {
          "lang": "en",
          "supportingMedia": [
            {
              "base64": false,
              "type": "text/html",
              "value": "Update Montonio for WooCommerce to 6.0.2 or a higher version.\u003cbr\u003eUpdate Custom Login Admin Front-end CSS to 1.5 or a higher version.\u003cbr\u003eUpdate Admin CSS MU to 2.7 or a higher version\u003cbr\u003e"
            }
          ],
          "value": "Update Montonio for WooCommerce to 6.0.2 or a higher version.\nUpdate Custom Login Admin Front-end CSS to 1.5 or a higher version.\nUpdate Admin CSS MU to 2.7 or a higher version\n"
        }
      ],
      "source": {
        "discovery": "EXTERNAL"
      }
    },
    "nvd.nist.gov": {
      "cve": {
        "configurations": [
          {
            "nodes": [
              {
                "cpeMatch": [
                  {
                    "criteria": "cpe:2.3:a:millionclues:admin_css_mu:*:*:*:*:*:wordpress:*:*",
                    "matchCriteriaId": "43821B34-AEAD-4521-B37C-07314D2848A5",
                    "versionEndIncluding": "2.6",
                    "vulnerable": true
                  }
                ],
                "negate": false,
                "operator": "OR"
              }
            ]
          },
          {
            "nodes": [
              {
                "cpeMatch": [
                  {
                    "criteria": "cpe:2.3:a:deano:amp_toolbox:*:*:*:*:*:wordpress:*:*",
                    "matchCriteriaId": "F3BD4E77-8EE1-4F83-A080-A82E9EAC6A36",
                    "versionEndIncluding": "2.1.1",
                    "vulnerable": true
                  }
                ],
                "negate": false,
                "operator": "OR"
              }
            ]
          },
          {
            "nodes": [
              {
                "cpeMatch": [
                  {
                    "criteria": "cpe:2.3:a:unihost:confirm_data:*:*:*:*:*:wordpress:*:*",
                    "matchCriteriaId": "775615D7-1183-44BD-8E13-B18CC3F037B7",
                    "versionEndIncluding": "1.0.7",
                    "vulnerable": true
                  }
                ],
                "negate": false,
                "operator": "OR"
              }
            ]
          },
          {
            "nodes": [
              {
                "cpeMatch": [
                  {
                    "criteria": "cpe:2.3:a:agence-press:css_adder:*:*:*:*:*:wordpress:*:*",
                    "matchCriteriaId": "78AA1D24-7A86-41D5-A9E4-3CF586D91F52",
                    "versionEndIncluding": "1.5.0",
                    "vulnerable": true
                  }
                ],
                "negate": false,
                "operator": "OR"
              }
            ]
          },
          {
            "nodes": [
              {
                "cpeMatch": [
                  {
                    "criteria": "cpe:2.3:a:millionclues:custom_login_admin_front-end_css:*:*:*:*:*:wordpress:*:*",
                    "matchCriteriaId": "672D8FBE-F144-4BAF-B780-8234BB2D83D7",
                    "versionEndIncluding": "1.4.1",
                    "vulnerable": true
                  }
                ],
                "negate": false,
                "operator": "OR"
              }
            ]
          },
          {
            "nodes": [
              {
                "cpeMatch": [
                  {
                    "criteria": "cpe:2.3:a:montonio:montonio_for_woocommerce:*:*:*:*:*:wordpress:*:*",
                    "matchCriteriaId": "1A46D97F-01EA-43A4-AD82-1552112A2B82",
                    "versionEndIncluding": "6.0.1",
                    "vulnerable": true
                  }
                ],
                "negate": false,
                "operator": "OR"
              }
            ]
          },
          {
            "nodes": [
              {
                "cpeMatch": [
                  {
                    "criteria": "cpe:2.3:a:frumph:phpfreechat:*:*:*:*:*:wordpress:*:*",
                    "matchCriteriaId": "555CCA86-7B43-4F8D-9A71-3A92D34A8F43",
                    "versionEndIncluding": "0.2.8",
                    "vulnerable": true
                  }
                ],
                "negate": false,
                "operator": "OR"
              }
            ]
          },
          {
            "nodes": [
              {
                "cpeMatch": [
                  {
                    "criteria": "cpe:2.3:a:designmodo:qards:*:*:*:*:*:wordpress:*:*",
                    "matchCriteriaId": "054FCFA2-C643-441A-8D13-233980433E88",
                    "versionEndIncluding": "1.0.5",
                    "vulnerable": true
                  }
                ],
                "negate": false,
                "operator": "OR"
              }
            ]
          },
          {
            "nodes": [
              {
                "cpeMatch": [
                  {
                    "criteria": "cpe:2.3:a:paulclark:styles:*:*:*:*:*:wordpress:*:*",
                    "matchCriteriaId": "C4AF8EAE-53F6-4958-88AB-7DCEBCDFADF9",
                    "versionEndIncluding": "1.2.3",
                    "vulnerable": true
                  }
                ],
                "negate": false,
                "operator": "OR"
              }
            ]
          },
          {
            "nodes": [
              {
                "cpeMatch": [
                  {
                    "criteria": "cpe:2.3:a:squidesma:theme_minifier:*:*:*:*:*:wordpress:*:*",
                    "matchCriteriaId": "5ADA61B8-B05E-4608-B331-80769EADB458",
                    "versionEndIncluding": "2.0",
                    "vulnerable": true
                  }
                ],
                "negate": false,
                "operator": "OR"
              }
            ]
          },
          {
            "nodes": [
              {
                "cpeMatch": [
                  {
                    "criteria": "cpe:2.3:a:longwatchstudio:woosupply:*:*:*:*:*:wordpress:*:*",
                    "matchCriteriaId": "15F0C47E-D2B5-47A8-BD7E-592439EF2745",
                    "versionEndIncluding": "1.2.2",
                    "vulnerable": true
                  },
                  {
                    "criteria": "cpe:2.3:a:longwatchstudio:woovip:*:*:*:*:*:wordpress:*:*",
                    "matchCriteriaId": "D12B6939-0446-4C32-AA43-CE3D0052B9ED",
                    "versionEndIncluding": "1.4.4",
                    "vulnerable": true
                  },
                  {
                    "criteria": "cpe:2.3:a:longwatchstudio:woovirtualwallet:*:*:*:*:*:wordpress:*:*",
                    "matchCriteriaId": "EA71FDDC-0142-450E-9F0B-4609171BBE09",
                    "versionEndIncluding": "2.2.1",
                    "vulnerable": true
                  }
                ],
                "negate": false,
                "operator": "OR"
              }
            ]
          },
          {
            "nodes": [
              {
                "cpeMatch": [
                  {
                    "criteria": "cpe:2.3:a:arcstone:amo_for_wp_-_membership_management:*:*:*:*:*:wordpress:*:*",
                    "matchCriteriaId": "B893F859-596C-45AD-BE84-BE9FE35B2626",
                    "versionEndIncluding": "4.6.6",
                    "vulnerable": true
                  }
                ],
                "negate": false,
                "operator": "OR"
              }
            ]
          },
          {
            "nodes": [
              {
                "cpeMatch": [
                  {
                    "criteria": "cpe:2.3:a:wpopal:wpopal_core_features:*:*:*:*:*:wordpress:*:*",
                    "matchCriteriaId": "E4720CB3-42E0-46B2-A74F-E118C427C44A",
                    "versionEndIncluding": "1.5.8",
                    "vulnerable": true
                  }
                ],
                "negate": false,
                "operator": "OR"
              }
            ]
          }
        ],
        "descriptions": [
          {
            "lang": "en",
            "value": "Server-Side Request Forgery (SSRF) vulnerability in Montonio Montonio for WooCommerce, Wpopal Wpopal Core Features, AMO for WP \u2013 Membership Management ArcStone wp-amo, Long Watch Studio WooVirtualWallet \u2013 A virtual wallet for WooCommerce, Long Watch Studio WooVIP \u2013 Membership plugin for WordPress and WooCommerce, Long Watch Studio WooSupply \u2013 Suppliers, Supply Orders and Stock Management, Squidesma Theme Minifier, Paul Clark Styles styles, Designmodo Inc. WordPress Page Builder \u2013 Qards, Philip M. Hofer (Frumph) PHPFreeChat, Arun Basil Lal Custom Login Admin Front-end CSS, Team Agence-Press CSS Adder By Agence-Press, Unihost Confirm Data, deano1987 AMP Toolbox amp-toolbox, Arun Basil Lal Admin CSS MU.This issue affects Montonio for WooCommerce: from n/a through 6.0.1; Wpopal Core Features: from n/a through 1.5.8; ArcStone: from n/a through 4.6.6; WooVirtualWallet \u2013 A virtual wallet for WooCommerce: from n/a through 2.2.1; WooVIP \u2013 Membership plugin for WordPress and WooCommerce: from n/a through 1.4.4; WooSupply \u2013 Suppliers, Supply Orders and Stock Management: from n/a through 1.2.2; Theme Minifier: from n/a through 2.0; Styles: from n/a through 1.2.3; WordPress Page Builder \u2013 Qards: from n/a through 1.0.5; PHPFreeChat: from n/a through 0.2.8; Custom Login Admin Front-end CSS: from n/a through 1.4.1; CSS Adder By Agence-Press: from n/a through 1.5.0; Confirm Data: from n/a through 1.0.7; AMP Toolbox: from n/a through 2.1.1; Admin CSS MU: from n/a through 2.6.\n\n"
          },
          {
            "lang": "es",
            "value": "Vulnerabilidad de  Server-Side Request Forgery (SSRF) en Montonio Montonio para WooCommerce, Wpopal Funciones principales de Wpopal, AMO para WP \u2013 Gesti\u00f3n de membres\u00eda ArcStone wp-amo, Long Watch Studio WooVirtualWallet \u2013 Una billetera virtual para WooCommerce, Long Watch Studio WooVIP \u2013 Complemento de membres\u00eda para WordPress y WooCommerce, Long Watch Studio WooSupply: proveedores, pedidos de suministro y gesti\u00f3n de existencias, Squidesma Theme Minifier, estilos Paul Clark Styles, Designmodo Inc. Creador de p\u00e1ginas de WordPress: Qards, Philip M. Hofer (Frumph) PHPFreeChat, Arun Basil Lal Administrador de inicio de sesi\u00f3n personalizado CSS front-end, Team Agence-Press CSS Adder de Agence-Press, Unihost Confirm Data, deano1987 AMP Toolbox amp-toolbox, Arun Basil Lal Admin CSS MU. Este problema afecta a Montonio para WooCommerce: desde n/a hasta 6.0.1; Funciones principales de Wpopal: desde n/a hasta 1.5.8; ArcStone: desde n/a hasta 4.6.6; WooVirtualWallet: una billetera virtual para WooCommerce: desde n/a hasta 2.2.1; WooVIP: complemento de membres\u00eda para WordPress y WooCommerce: desde n/a hasta 1.4.4; WooSupply \u2013 Proveedores, pedidos de suministro y gesti\u00f3n de existencias: desde n/a hasta 1.2.2; Minificador de temas: desde n/a hasta 2.0; Estilos: desde n/a hasta 1.2.3; Creador de p\u00e1ginas de WordPress \u2013 Qards: desde n/a hasta 1.0.5; PHPFreeChat: desde n/a hasta 0.2.8; CSS de front-end de administrador de inicio de sesi\u00f3n personalizado: desde n/a hasta 1.4.1; Complemento CSS de Agence-Press: desde n/a hasta 1.5.0; Confirmar datos: desde n/a hasta 1.0.7; Caja de herramientas AMP: desde n/a hasta 2.1.1; Administrador CSS MU: desde n/a hasta 2.6."
          }
        ],
        "id": "CVE-2022-40700",
        "lastModified": "2024-01-30T23:03:18.550",
        "metrics": {
          "cvssMetricV31": [
            {
              "cvssData": {
                "attackComplexity": "LOW",
                "attackVector": "NETWORK",
                "availabilityImpact": "HIGH",
                "baseScore": 9.8,
                "baseSeverity": "CRITICAL",
                "confidentialityImpact": "HIGH",
                "integrityImpact": "HIGH",
                "privilegesRequired": "NONE",
                "scope": "UNCHANGED",
                "userInteraction": "NONE",
                "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
                "version": "3.1"
              },
              "exploitabilityScore": 3.9,
              "impactScore": 5.9,
              "source": "nvd@nist.gov",
              "type": "Primary"
            },
            {
              "cvssData": {
                "attackComplexity": "LOW",
                "attackVector": "NETWORK",
                "availabilityImpact": "NONE",
                "baseScore": 8.2,
                "baseSeverity": "HIGH",
                "confidentialityImpact": "HIGH",
                "integrityImpact": "LOW",
                "privilegesRequired": "NONE",
                "scope": "UNCHANGED",
                "userInteraction": "NONE",
                "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:L/A:N",
                "version": "3.1"
              },
              "exploitabilityScore": 3.9,
              "impactScore": 4.2,
              "source": "audit@patchstack.com",
              "type": "Secondary"
            }
          ]
        },
        "published": "2024-01-19T15:15:08.020",
        "references": [
          {
            "source": "audit@patchstack.com",
            "tags": [
              "Third Party Advisory"
            ],
            "url": "https://patchstack.com/database/vulnerability/admin-css-mu/wordpress-admin-css-mu-plugin-2-6-server-side-request-forgery-ssrf-vulnerability?_s_id=cve"
          },
          {
            "source": "audit@patchstack.com",
            "tags": [
              "Third Party Advisory"
            ],
            "url": "https://patchstack.com/database/vulnerability/amp-toolbox/wordpress-amp-toolbox-plugin-2-1-1-server-side-request-forgery-ssrf?_s_id=cve"
          },
          {
            "source": "audit@patchstack.com",
            "tags": [
              "Third Party Advisory"
            ],
            "url": "https://patchstack.com/database/vulnerability/confirm-data/wordpress-confirm-data-plugin-1-0-7-unauth-server-side-request-forgery-ssrf-vulnerability?_s_id=cve"
          },
          {
            "source": "audit@patchstack.com",
            "tags": [
              "Third Party Advisory"
            ],
            "url": "https://patchstack.com/database/vulnerability/css-adder-by-agence-press/wordpress-css-adder-by-agene-press-plugin-1-5-0-server-side-request-forgery-ssrf?_s_id=cve"
          },
          {
            "source": "audit@patchstack.com",
            "tags": [
              "Third Party Advisory"
            ],
            "url": "https://patchstack.com/database/vulnerability/custom-login-admin-front-end-css-with-multisite-support/wordpress-custom-login-admin-front-end-css-plugin-1-4-1-server-side-request-forgery-ssrf?_s_id=cve"
          },
          {
            "source": "audit@patchstack.com",
            "tags": [
              "Third Party Advisory"
            ],
            "url": "https://patchstack.com/database/vulnerability/montonio-for-woocommerce/wordpress-montonio-for-woocommerce-plugin-6-0-1-server-side-request-forgery-ssrf?_s_id=cve"
          },
          {
            "source": "audit@patchstack.com",
            "tags": [
              "Third Party Advisory"
            ],
            "url": "https://patchstack.com/database/vulnerability/phpfreechat/wordpress-phpfreechat-plugin-0-2-8-server-side-request-forgery-ssrf?_s_id=cve"
          },
          {
            "source": "audit@patchstack.com",
            "tags": [
              "Third Party Advisory"
            ],
            "url": "https://patchstack.com/database/vulnerability/qards-free/wordpress-wordpress-page-builder-qards-plugin-1-0-5-server-side-request-forgery-ssrf?_s_id=cve"
          },
          {
            "source": "audit@patchstack.com",
            "tags": [
              "Third Party Advisory"
            ],
            "url": "https://patchstack.com/database/vulnerability/styles/wordpress-styles-plugin-1-2-3-server-side-request-forgery-ssrf?_s_id=cve"
          },
          {
            "source": "audit@patchstack.com",
            "tags": [
              "Third Party Advisory"
            ],
            "url": "https://patchstack.com/database/vulnerability/theme-minifier/wordpress-theme-minifier-plugin-2-0-server-side-request-forgery-ssrf?_s_id=cve"
          },
          {
            "source": "audit@patchstack.com",
            "tags": [
              "Third Party Advisory"
            ],
            "url": "https://patchstack.com/database/vulnerability/woosupply/wordpress-woosupply-plugin-1-2-2-server-side-request-forgery-ssrf?_s_id=cve"
          },
          {
            "source": "audit@patchstack.com",
            "tags": [
              "Third Party Advisory"
            ],
            "url": "https://patchstack.com/database/vulnerability/woovip/wordpress-woovip-plugin-1-4-4-server-side-request-forgery-ssrf?_s_id=cve"
          },
          {
            "source": "audit@patchstack.com",
            "tags": [
              "Third Party Advisory"
            ],
            "url": "https://patchstack.com/database/vulnerability/woovirtualwallet/wordpress-woovirtualwallet-plugin-2-2-1-server-side-request-forgery-ssrf?_s_id=cve"
          },
          {
            "source": "audit@patchstack.com",
            "tags": [
              "Third Party Advisory"
            ],
            "url": "https://patchstack.com/database/vulnerability/wp-amo/wordpress-amo-for-wp-plugin-4-6-6-server-side-request-forgery-ssrf?_s_id=cve"
          },
          {
            "source": "audit@patchstack.com",
            "tags": [
              "Third Party Advisory"
            ],
            "url": "https://patchstack.com/database/vulnerability/wpopal-core-features/wordpress-wpopal-core-features-plugin-1-5-7-server-side-request-forgery-ssrf?_s_id=cve"
          }
        ],
        "sourceIdentifier": "audit@patchstack.com",
        "vulnStatus": "Analyzed",
        "weaknesses": [
          {
            "description": [
              {
                "lang": "en",
                "value": "CWE-918"
              }
            ],
            "source": "audit@patchstack.com",
            "type": "Primary"
          }
        ]
      }
    }
  }
}

FKIE_CVE-2022-40700

Vulnerability from fkie_nvd - Published: 2024-01-19 15:15 - Updated: 2024-11-21 07:21

Severity ?

8.2 (High) - CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:L/A:N
9.8 (Critical) - CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Summary

References

URL	Tags
audit@patchstack.com	https://patchstack.com/database/vulnerability/admin-css-mu/wordpress-admin-css-mu-plugin-2-6-server-side-request-forgery-ssrf-vulnerability?_s_id=cve	Third Party Advisory
audit@patchstack.com	https://patchstack.com/database/vulnerability/amp-toolbox/wordpress-amp-toolbox-plugin-2-1-1-server-side-request-forgery-ssrf?_s_id=cve	Third Party Advisory
audit@patchstack.com	https://patchstack.com/database/vulnerability/confirm-data/wordpress-confirm-data-plugin-1-0-7-unauth-server-side-request-forgery-ssrf-vulnerability?_s_id=cve	Third Party Advisory
audit@patchstack.com	https://patchstack.com/database/vulnerability/css-adder-by-agence-press/wordpress-css-adder-by-agene-press-plugin-1-5-0-server-side-request-forgery-ssrf?_s_id=cve	Third Party Advisory
audit@patchstack.com	https://patchstack.com/database/vulnerability/custom-login-admin-front-end-css-with-multisite-support/wordpress-custom-login-admin-front-end-css-plugin-1-4-1-server-side-request-forgery-ssrf?_s_id=cve	Third Party Advisory
audit@patchstack.com	https://patchstack.com/database/vulnerability/montonio-for-woocommerce/wordpress-montonio-for-woocommerce-plugin-6-0-1-server-side-request-forgery-ssrf?_s_id=cve	Third Party Advisory
audit@patchstack.com	https://patchstack.com/database/vulnerability/phpfreechat/wordpress-phpfreechat-plugin-0-2-8-server-side-request-forgery-ssrf?_s_id=cve	Third Party Advisory
audit@patchstack.com	https://patchstack.com/database/vulnerability/qards-free/wordpress-wordpress-page-builder-qards-plugin-1-0-5-server-side-request-forgery-ssrf?_s_id=cve	Third Party Advisory
audit@patchstack.com	https://patchstack.com/database/vulnerability/styles/wordpress-styles-plugin-1-2-3-server-side-request-forgery-ssrf?_s_id=cve	Third Party Advisory
audit@patchstack.com	https://patchstack.com/database/vulnerability/theme-minifier/wordpress-theme-minifier-plugin-2-0-server-side-request-forgery-ssrf?_s_id=cve	Third Party Advisory
audit@patchstack.com	https://patchstack.com/database/vulnerability/woosupply/wordpress-woosupply-plugin-1-2-2-server-side-request-forgery-ssrf?_s_id=cve	Third Party Advisory
audit@patchstack.com	https://patchstack.com/database/vulnerability/woovip/wordpress-woovip-plugin-1-4-4-server-side-request-forgery-ssrf?_s_id=cve	Third Party Advisory
audit@patchstack.com	https://patchstack.com/database/vulnerability/woovirtualwallet/wordpress-woovirtualwallet-plugin-2-2-1-server-side-request-forgery-ssrf?_s_id=cve	Third Party Advisory
audit@patchstack.com	https://patchstack.com/database/vulnerability/wp-amo/wordpress-amo-for-wp-plugin-4-6-6-server-side-request-forgery-ssrf?_s_id=cve	Third Party Advisory
audit@patchstack.com	https://patchstack.com/database/vulnerability/wpopal-core-features/wordpress-wpopal-core-features-plugin-1-5-7-server-side-request-forgery-ssrf?_s_id=cve	Third Party Advisory
af854a3a-2127-422b-91ae-364da2661108	https://patchstack.com/database/vulnerability/admin-css-mu/wordpress-admin-css-mu-plugin-2-6-server-side-request-forgery-ssrf-vulnerability?_s_id=cve	Third Party Advisory
af854a3a-2127-422b-91ae-364da2661108	https://patchstack.com/database/vulnerability/amp-toolbox/wordpress-amp-toolbox-plugin-2-1-1-server-side-request-forgery-ssrf?_s_id=cve	Third Party Advisory
af854a3a-2127-422b-91ae-364da2661108	https://patchstack.com/database/vulnerability/confirm-data/wordpress-confirm-data-plugin-1-0-7-unauth-server-side-request-forgery-ssrf-vulnerability?_s_id=cve	Third Party Advisory
af854a3a-2127-422b-91ae-364da2661108	https://patchstack.com/database/vulnerability/css-adder-by-agence-press/wordpress-css-adder-by-agene-press-plugin-1-5-0-server-side-request-forgery-ssrf?_s_id=cve	Third Party Advisory
af854a3a-2127-422b-91ae-364da2661108	https://patchstack.com/database/vulnerability/custom-login-admin-front-end-css-with-multisite-support/wordpress-custom-login-admin-front-end-css-plugin-1-4-1-server-side-request-forgery-ssrf?_s_id=cve	Third Party Advisory
af854a3a-2127-422b-91ae-364da2661108	https://patchstack.com/database/vulnerability/montonio-for-woocommerce/wordpress-montonio-for-woocommerce-plugin-6-0-1-server-side-request-forgery-ssrf?_s_id=cve	Third Party Advisory
af854a3a-2127-422b-91ae-364da2661108	https://patchstack.com/database/vulnerability/phpfreechat/wordpress-phpfreechat-plugin-0-2-8-server-side-request-forgery-ssrf?_s_id=cve	Third Party Advisory
af854a3a-2127-422b-91ae-364da2661108	https://patchstack.com/database/vulnerability/qards-free/wordpress-wordpress-page-builder-qards-plugin-1-0-5-server-side-request-forgery-ssrf?_s_id=cve	Third Party Advisory
af854a3a-2127-422b-91ae-364da2661108	https://patchstack.com/database/vulnerability/styles/wordpress-styles-plugin-1-2-3-server-side-request-forgery-ssrf?_s_id=cve	Third Party Advisory
af854a3a-2127-422b-91ae-364da2661108	https://patchstack.com/database/vulnerability/theme-minifier/wordpress-theme-minifier-plugin-2-0-server-side-request-forgery-ssrf?_s_id=cve	Third Party Advisory
af854a3a-2127-422b-91ae-364da2661108	https://patchstack.com/database/vulnerability/woosupply/wordpress-woosupply-plugin-1-2-2-server-side-request-forgery-ssrf?_s_id=cve	Third Party Advisory
af854a3a-2127-422b-91ae-364da2661108	https://patchstack.com/database/vulnerability/woovip/wordpress-woovip-plugin-1-4-4-server-side-request-forgery-ssrf?_s_id=cve	Third Party Advisory
af854a3a-2127-422b-91ae-364da2661108	https://patchstack.com/database/vulnerability/woovirtualwallet/wordpress-woovirtualwallet-plugin-2-2-1-server-side-request-forgery-ssrf?_s_id=cve	Third Party Advisory
af854a3a-2127-422b-91ae-364da2661108	https://patchstack.com/database/vulnerability/wp-amo/wordpress-amo-for-wp-plugin-4-6-6-server-side-request-forgery-ssrf?_s_id=cve	Third Party Advisory
af854a3a-2127-422b-91ae-364da2661108	https://patchstack.com/database/vulnerability/wpopal-core-features/wordpress-wpopal-core-features-plugin-1-5-7-server-side-request-forgery-ssrf?_s_id=cve	Third Party Advisory

Impacted products

Vendor	Product	Version
millionclues	admin_css_mu	*
deano	amp_toolbox	*
unihost	confirm_data	*
agence-press	css_adder	*
millionclues	custom_login_admin_front-end_css	*
montonio	montonio_for_woocommerce	*
frumph	phpfreechat	*
designmodo	qards	*
paulclark	styles	*
squidesma	theme_minifier	*
longwatchstudio	woosupply	*
longwatchstudio	woovip	*
longwatchstudio	woovirtualwallet	*
arcstone	amo_for_wp_-_membership_management	*
wpopal	wpopal_core_features	*

JSON

To clipboard

{
  "configurations": [
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:a:millionclues:admin_css_mu:*:*:*:*:*:wordpress:*:*",
              "matchCriteriaId": "43821B34-AEAD-4521-B37C-07314D2848A5",
              "versionEndIncluding": "2.6",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    },
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:a:deano:amp_toolbox:*:*:*:*:*:wordpress:*:*",
              "matchCriteriaId": "F3BD4E77-8EE1-4F83-A080-A82E9EAC6A36",
              "versionEndIncluding": "2.1.1",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    },
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:a:unihost:confirm_data:*:*:*:*:*:wordpress:*:*",
              "matchCriteriaId": "775615D7-1183-44BD-8E13-B18CC3F037B7",
              "versionEndIncluding": "1.0.7",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    },
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:a:agence-press:css_adder:*:*:*:*:*:wordpress:*:*",
              "matchCriteriaId": "78AA1D24-7A86-41D5-A9E4-3CF586D91F52",
              "versionEndIncluding": "1.5.0",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    },
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:a:millionclues:custom_login_admin_front-end_css:*:*:*:*:*:wordpress:*:*",
              "matchCriteriaId": "672D8FBE-F144-4BAF-B780-8234BB2D83D7",
              "versionEndIncluding": "1.4.1",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    },
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:a:montonio:montonio_for_woocommerce:*:*:*:*:*:wordpress:*:*",
              "matchCriteriaId": "1A46D97F-01EA-43A4-AD82-1552112A2B82",
              "versionEndIncluding": "6.0.1",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    },
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:a:frumph:phpfreechat:*:*:*:*:*:wordpress:*:*",
              "matchCriteriaId": "555CCA86-7B43-4F8D-9A71-3A92D34A8F43",
              "versionEndIncluding": "0.2.8",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    },
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:a:designmodo:qards:*:*:*:*:*:wordpress:*:*",
              "matchCriteriaId": "054FCFA2-C643-441A-8D13-233980433E88",
              "versionEndIncluding": "1.0.5",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    },
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:a:paulclark:styles:*:*:*:*:*:wordpress:*:*",
              "matchCriteriaId": "C4AF8EAE-53F6-4958-88AB-7DCEBCDFADF9",
              "versionEndIncluding": "1.2.3",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    },
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:a:squidesma:theme_minifier:*:*:*:*:*:wordpress:*:*",
              "matchCriteriaId": "5ADA61B8-B05E-4608-B331-80769EADB458",
              "versionEndIncluding": "2.0",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    },
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:a:longwatchstudio:woosupply:*:*:*:*:*:wordpress:*:*",
              "matchCriteriaId": "15F0C47E-D2B5-47A8-BD7E-592439EF2745",
              "versionEndIncluding": "1.2.2",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:longwatchstudio:woovip:*:*:*:*:*:wordpress:*:*",
              "matchCriteriaId": "D12B6939-0446-4C32-AA43-CE3D0052B9ED",
              "versionEndIncluding": "1.4.4",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:longwatchstudio:woovirtualwallet:*:*:*:*:*:wordpress:*:*",
              "matchCriteriaId": "EA71FDDC-0142-450E-9F0B-4609171BBE09",
              "versionEndIncluding": "2.2.1",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    },
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:a:arcstone:amo_for_wp_-_membership_management:*:*:*:*:*:wordpress:*:*",
              "matchCriteriaId": "B893F859-596C-45AD-BE84-BE9FE35B2626",
              "versionEndIncluding": "4.6.6",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    },
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:a:wpopal:wpopal_core_features:*:*:*:*:*:wordpress:*:*",
              "matchCriteriaId": "E4720CB3-42E0-46B2-A74F-E118C427C44A",
              "versionEndIncluding": "1.5.8",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    }
  ],
  "cveTags": [],
  "descriptions": [
    {
      "lang": "en",
      "value": "Server-Side Request Forgery (SSRF) vulnerability in Montonio Montonio for WooCommerce, Wpopal Wpopal Core Features, AMO for WP \u2013 Membership Management ArcStone wp-amo, Long Watch Studio WooVirtualWallet \u2013 A virtual wallet for WooCommerce, Long Watch Studio WooVIP \u2013 Membership plugin for WordPress and WooCommerce, Long Watch Studio WooSupply \u2013 Suppliers, Supply Orders and Stock Management, Squidesma Theme Minifier, Paul Clark Styles styles, Designmodo Inc. WordPress Page Builder \u2013 Qards, Philip M. Hofer (Frumph) PHPFreeChat, Arun Basil Lal Custom Login Admin Front-end CSS, Team Agence-Press CSS Adder By Agence-Press, Unihost Confirm Data, deano1987 AMP Toolbox amp-toolbox, Arun Basil Lal Admin CSS MU.This issue affects Montonio for WooCommerce: from n/a through 6.0.1; Wpopal Core Features: from n/a through 1.5.8; ArcStone: from n/a through 4.6.6; WooVirtualWallet \u2013 A virtual wallet for WooCommerce: from n/a through 2.2.1; WooVIP \u2013 Membership plugin for WordPress and WooCommerce: from n/a through 1.4.4; WooSupply \u2013 Suppliers, Supply Orders and Stock Management: from n/a through 1.2.2; Theme Minifier: from n/a through 2.0; Styles: from n/a through 1.2.3; WordPress Page Builder \u2013 Qards: from n/a through 1.0.5; PHPFreeChat: from n/a through 0.2.8; Custom Login Admin Front-end CSS: from n/a through 1.4.1; CSS Adder By Agence-Press: from n/a through 1.5.0; Confirm Data: from n/a through 1.0.7; AMP Toolbox: from n/a through 2.1.1; Admin CSS MU: from n/a through 2.6.\n\n"
    },
    {
      "lang": "es",
      "value": "Vulnerabilidad de  Server-Side Request Forgery (SSRF) en Montonio Montonio para WooCommerce, Wpopal Funciones principales de Wpopal, AMO para WP \u2013 Gesti\u00f3n de membres\u00eda ArcStone wp-amo, Long Watch Studio WooVirtualWallet \u2013 Una billetera virtual para WooCommerce, Long Watch Studio WooVIP \u2013 Complemento de membres\u00eda para WordPress y WooCommerce, Long Watch Studio WooSupply: proveedores, pedidos de suministro y gesti\u00f3n de existencias, Squidesma Theme Minifier, estilos Paul Clark Styles, Designmodo Inc. Creador de p\u00e1ginas de WordPress: Qards, Philip M. Hofer (Frumph) PHPFreeChat, Arun Basil Lal Administrador de inicio de sesi\u00f3n personalizado CSS front-end, Team Agence-Press CSS Adder de Agence-Press, Unihost Confirm Data, deano1987 AMP Toolbox amp-toolbox, Arun Basil Lal Admin CSS MU. Este problema afecta a Montonio para WooCommerce: desde n/a hasta 6.0.1; Funciones principales de Wpopal: desde n/a hasta 1.5.8; ArcStone: desde n/a hasta 4.6.6; WooVirtualWallet: una billetera virtual para WooCommerce: desde n/a hasta 2.2.1; WooVIP: complemento de membres\u00eda para WordPress y WooCommerce: desde n/a hasta 1.4.4; WooSupply \u2013 Proveedores, pedidos de suministro y gesti\u00f3n de existencias: desde n/a hasta 1.2.2; Minificador de temas: desde n/a hasta 2.0; Estilos: desde n/a hasta 1.2.3; Creador de p\u00e1ginas de WordPress \u2013 Qards: desde n/a hasta 1.0.5; PHPFreeChat: desde n/a hasta 0.2.8; CSS de front-end de administrador de inicio de sesi\u00f3n personalizado: desde n/a hasta 1.4.1; Complemento CSS de Agence-Press: desde n/a hasta 1.5.0; Confirmar datos: desde n/a hasta 1.0.7; Caja de herramientas AMP: desde n/a hasta 2.1.1; Administrador CSS MU: desde n/a hasta 2.6."
    }
  ],
  "id": "CVE-2022-40700",
  "lastModified": "2024-11-21T07:21:53.063",
  "metrics": {
    "cvssMetricV31": [
      {
        "cvssData": {
          "attackComplexity": "LOW",
          "attackVector": "NETWORK",
          "availabilityImpact": "NONE",
          "baseScore": 8.2,
          "baseSeverity": "HIGH",
          "confidentialityImpact": "HIGH",
          "integrityImpact": "LOW",
          "privilegesRequired": "NONE",
          "scope": "UNCHANGED",
          "userInteraction": "NONE",
          "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:L/A:N",
          "version": "3.1"
        },
        "exploitabilityScore": 3.9,
        "impactScore": 4.2,
        "source": "audit@patchstack.com",
        "type": "Secondary"
      },
      {
        "cvssData": {
          "attackComplexity": "LOW",
          "attackVector": "NETWORK",
          "availabilityImpact": "HIGH",
          "baseScore": 9.8,
          "baseSeverity": "CRITICAL",
          "confidentialityImpact": "HIGH",
          "integrityImpact": "HIGH",
          "privilegesRequired": "NONE",
          "scope": "UNCHANGED",
          "userInteraction": "NONE",
          "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
          "version": "3.1"
        },
        "exploitabilityScore": 3.9,
        "impactScore": 5.9,
        "source": "nvd@nist.gov",
        "type": "Primary"
      }
    ]
  },
  "published": "2024-01-19T15:15:08.020",
  "references": [
    {
      "source": "audit@patchstack.com",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "https://patchstack.com/database/vulnerability/admin-css-mu/wordpress-admin-css-mu-plugin-2-6-server-side-request-forgery-ssrf-vulnerability?_s_id=cve"
    },
    {
      "source": "audit@patchstack.com",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "https://patchstack.com/database/vulnerability/amp-toolbox/wordpress-amp-toolbox-plugin-2-1-1-server-side-request-forgery-ssrf?_s_id=cve"
    },
    {
      "source": "audit@patchstack.com",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "https://patchstack.com/database/vulnerability/confirm-data/wordpress-confirm-data-plugin-1-0-7-unauth-server-side-request-forgery-ssrf-vulnerability?_s_id=cve"
    },
    {
      "source": "audit@patchstack.com",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "https://patchstack.com/database/vulnerability/css-adder-by-agence-press/wordpress-css-adder-by-agene-press-plugin-1-5-0-server-side-request-forgery-ssrf?_s_id=cve"
    },
    {
      "source": "audit@patchstack.com",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "https://patchstack.com/database/vulnerability/custom-login-admin-front-end-css-with-multisite-support/wordpress-custom-login-admin-front-end-css-plugin-1-4-1-server-side-request-forgery-ssrf?_s_id=cve"
    },
    {
      "source": "audit@patchstack.com",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "https://patchstack.com/database/vulnerability/montonio-for-woocommerce/wordpress-montonio-for-woocommerce-plugin-6-0-1-server-side-request-forgery-ssrf?_s_id=cve"
    },
    {
      "source": "audit@patchstack.com",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "https://patchstack.com/database/vulnerability/phpfreechat/wordpress-phpfreechat-plugin-0-2-8-server-side-request-forgery-ssrf?_s_id=cve"
    },
    {
      "source": "audit@patchstack.com",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "https://patchstack.com/database/vulnerability/qards-free/wordpress-wordpress-page-builder-qards-plugin-1-0-5-server-side-request-forgery-ssrf?_s_id=cve"
    },
    {
      "source": "audit@patchstack.com",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "https://patchstack.com/database/vulnerability/styles/wordpress-styles-plugin-1-2-3-server-side-request-forgery-ssrf?_s_id=cve"
    },
    {
      "source": "audit@patchstack.com",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "https://patchstack.com/database/vulnerability/theme-minifier/wordpress-theme-minifier-plugin-2-0-server-side-request-forgery-ssrf?_s_id=cve"
    },
    {
      "source": "audit@patchstack.com",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "https://patchstack.com/database/vulnerability/woosupply/wordpress-woosupply-plugin-1-2-2-server-side-request-forgery-ssrf?_s_id=cve"
    },
    {
      "source": "audit@patchstack.com",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "https://patchstack.com/database/vulnerability/woovip/wordpress-woovip-plugin-1-4-4-server-side-request-forgery-ssrf?_s_id=cve"
    },
    {
      "source": "audit@patchstack.com",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "https://patchstack.com/database/vulnerability/woovirtualwallet/wordpress-woovirtualwallet-plugin-2-2-1-server-side-request-forgery-ssrf?_s_id=cve"
    },
    {
      "source": "audit@patchstack.com",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "https://patchstack.com/database/vulnerability/wp-amo/wordpress-amo-for-wp-plugin-4-6-6-server-side-request-forgery-ssrf?_s_id=cve"
    },
    {
      "source": "audit@patchstack.com",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "https://patchstack.com/database/vulnerability/wpopal-core-features/wordpress-wpopal-core-features-plugin-1-5-7-server-side-request-forgery-ssrf?_s_id=cve"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "https://patchstack.com/database/vulnerability/admin-css-mu/wordpress-admin-css-mu-plugin-2-6-server-side-request-forgery-ssrf-vulnerability?_s_id=cve"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "https://patchstack.com/database/vulnerability/amp-toolbox/wordpress-amp-toolbox-plugin-2-1-1-server-side-request-forgery-ssrf?_s_id=cve"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "https://patchstack.com/database/vulnerability/confirm-data/wordpress-confirm-data-plugin-1-0-7-unauth-server-side-request-forgery-ssrf-vulnerability?_s_id=cve"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "https://patchstack.com/database/vulnerability/css-adder-by-agence-press/wordpress-css-adder-by-agene-press-plugin-1-5-0-server-side-request-forgery-ssrf?_s_id=cve"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "https://patchstack.com/database/vulnerability/custom-login-admin-front-end-css-with-multisite-support/wordpress-custom-login-admin-front-end-css-plugin-1-4-1-server-side-request-forgery-ssrf?_s_id=cve"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "https://patchstack.com/database/vulnerability/montonio-for-woocommerce/wordpress-montonio-for-woocommerce-plugin-6-0-1-server-side-request-forgery-ssrf?_s_id=cve"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "https://patchstack.com/database/vulnerability/phpfreechat/wordpress-phpfreechat-plugin-0-2-8-server-side-request-forgery-ssrf?_s_id=cve"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "https://patchstack.com/database/vulnerability/qards-free/wordpress-wordpress-page-builder-qards-plugin-1-0-5-server-side-request-forgery-ssrf?_s_id=cve"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "https://patchstack.com/database/vulnerability/styles/wordpress-styles-plugin-1-2-3-server-side-request-forgery-ssrf?_s_id=cve"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "https://patchstack.com/database/vulnerability/theme-minifier/wordpress-theme-minifier-plugin-2-0-server-side-request-forgery-ssrf?_s_id=cve"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "https://patchstack.com/database/vulnerability/woosupply/wordpress-woosupply-plugin-1-2-2-server-side-request-forgery-ssrf?_s_id=cve"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "https://patchstack.com/database/vulnerability/woovip/wordpress-woovip-plugin-1-4-4-server-side-request-forgery-ssrf?_s_id=cve"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "https://patchstack.com/database/vulnerability/woovirtualwallet/wordpress-woovirtualwallet-plugin-2-2-1-server-side-request-forgery-ssrf?_s_id=cve"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "https://patchstack.com/database/vulnerability/wp-amo/wordpress-amo-for-wp-plugin-4-6-6-server-side-request-forgery-ssrf?_s_id=cve"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "https://patchstack.com/database/vulnerability/wpopal-core-features/wordpress-wpopal-core-features-plugin-1-5-7-server-side-request-forgery-ssrf?_s_id=cve"
    }
  ],
  "sourceIdentifier": "audit@patchstack.com",
  "vulnStatus": "Modified",
  "weaknesses": [
    {
      "description": [
        {
          "lang": "en",
          "value": "CWE-918"
        }
      ],
      "source": "audit@patchstack.com",
      "type": "Secondary"
    }
  ]
}

Sightings

Author	Source	Type	Date

Nomenclature

Seen: The vulnerability was mentioned, discussed, or observed by the user.
Confirmed: The vulnerability has been validated from an analyst's perspective.
Published Proof of Concept: A public proof of concept is available for this vulnerability.
Exploited: The vulnerability was observed as exploited by the user who reported the sighting.
Patched: The vulnerability was observed as successfully patched by the user who reported the sighting.
Not exploited: The vulnerability was not observed as exploited by the user who reported the sighting.
Not confirmed: The user expressed doubt about the validity of the vulnerability.
Not patched: The vulnerability was not observed as successfully patched by the user who reported the sighting.

Detection rules are retrieved from Rulezet.

Action not permitted

CVE-2022-40700 (GCVE-0-2022-40700)

GHSA-3MV9-FMVF-XVMX

GSD-2022-40700

FKIE_CVE-2022-40700

Tags

Sightings

Nomenclature