CVE-2022-40700 (GCVE-0-2022-40700)
Vulnerability from cvelistv5
Published
2024-01-19 14:30
Modified
2024-11-13 17:40
Severity ?
VLAI Severity ?
EPSS score ?
CWE
- CWE-918 - Server-Side Request Forgery (SSRF)
Summary
Server-Side Request Forgery (SSRF) vulnerability in Montonio Montonio for WooCommerce, Wpopal Wpopal Core Features, AMO for WP – Membership Management ArcStone wp-amo, Long Watch Studio WooVirtualWallet – A virtual wallet for WooCommerce, Long Watch Studio WooVIP – Membership plugin for WordPress and WooCommerce, Long Watch Studio WooSupply – Suppliers, Supply Orders and Stock Management, Squidesma Theme Minifier, Paul Clark Styles styles, Designmodo Inc. WordPress Page Builder – Qards, Philip M. Hofer (Frumph) PHPFreeChat, Arun Basil Lal Custom Login Admin Front-end CSS, Team Agence-Press CSS Adder By Agence-Press, Unihost Confirm Data, deano1987 AMP Toolbox amp-toolbox, Arun Basil Lal Admin CSS MU.This issue affects Montonio for WooCommerce: from n/a through 6.0.1; Wpopal Core Features: from n/a through 1.5.8; ArcStone: from n/a through 4.6.6; WooVirtualWallet – A virtual wallet for WooCommerce: from n/a through 2.2.1; WooVIP – Membership plugin for WordPress and WooCommerce: from n/a through 1.4.4; WooSupply – Suppliers, Supply Orders and Stock Management: from n/a through 1.2.2; Theme Minifier: from n/a through 2.0; Styles: from n/a through 1.2.3; WordPress Page Builder – Qards: from n/a through 1.0.5; PHPFreeChat: from n/a through 0.2.8; Custom Login Admin Front-end CSS: from n/a through 1.4.1; CSS Adder By Agence-Press: from n/a through 1.5.0; Confirm Data: from n/a through 1.0.7; AMP Toolbox: from n/a through 2.1.1; Admin CSS MU: from n/a through 2.6.
References
Impacted products
| Vendor | Product | Version | ||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
| Montonio | Montonio for WooCommerce |
Version: n/a < |
||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
|
||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-03T12:21:46.616Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"vdb-entry",
"x_transferred"
],
"url": "https://patchstack.com/database/vulnerability/montonio-for-woocommerce/wordpress-montonio-for-woocommerce-plugin-6-0-1-server-side-request-forgery-ssrf?_s_id=cve"
},
{
"tags": [
"vdb-entry",
"x_transferred"
],
"url": "https://patchstack.com/database/vulnerability/wpopal-core-features/wordpress-wpopal-core-features-plugin-1-5-7-server-side-request-forgery-ssrf?_s_id=cve"
},
{
"tags": [
"vdb-entry",
"x_transferred"
],
"url": "https://patchstack.com/database/vulnerability/wp-amo/wordpress-amo-for-wp-plugin-4-6-6-server-side-request-forgery-ssrf?_s_id=cve"
},
{
"tags": [
"vdb-entry",
"x_transferred"
],
"url": "https://patchstack.com/database/vulnerability/woovirtualwallet/wordpress-woovirtualwallet-plugin-2-2-1-server-side-request-forgery-ssrf?_s_id=cve"
},
{
"tags": [
"vdb-entry",
"x_transferred"
],
"url": "https://patchstack.com/database/vulnerability/woovip/wordpress-woovip-plugin-1-4-4-server-side-request-forgery-ssrf?_s_id=cve"
},
{
"tags": [
"vdb-entry",
"x_transferred"
],
"url": "https://patchstack.com/database/vulnerability/woosupply/wordpress-woosupply-plugin-1-2-2-server-side-request-forgery-ssrf?_s_id=cve"
},
{
"tags": [
"vdb-entry",
"x_transferred"
],
"url": "https://patchstack.com/database/vulnerability/theme-minifier/wordpress-theme-minifier-plugin-2-0-server-side-request-forgery-ssrf?_s_id=cve"
},
{
"tags": [
"vdb-entry",
"x_transferred"
],
"url": "https://patchstack.com/database/vulnerability/styles/wordpress-styles-plugin-1-2-3-server-side-request-forgery-ssrf?_s_id=cve"
},
{
"tags": [
"vdb-entry",
"x_transferred"
],
"url": "https://patchstack.com/database/vulnerability/qards-free/wordpress-wordpress-page-builder-qards-plugin-1-0-5-server-side-request-forgery-ssrf?_s_id=cve"
},
{
"tags": [
"vdb-entry",
"x_transferred"
],
"url": "https://patchstack.com/database/vulnerability/phpfreechat/wordpress-phpfreechat-plugin-0-2-8-server-side-request-forgery-ssrf?_s_id=cve"
},
{
"tags": [
"vdb-entry",
"x_transferred"
],
"url": "https://patchstack.com/database/vulnerability/custom-login-admin-front-end-css-with-multisite-support/wordpress-custom-login-admin-front-end-css-plugin-1-4-1-server-side-request-forgery-ssrf?_s_id=cve"
},
{
"tags": [
"vdb-entry",
"x_transferred"
],
"url": "https://patchstack.com/database/vulnerability/css-adder-by-agence-press/wordpress-css-adder-by-agene-press-plugin-1-5-0-server-side-request-forgery-ssrf?_s_id=cve"
},
{
"tags": [
"vdb-entry",
"x_transferred"
],
"url": "https://patchstack.com/database/vulnerability/confirm-data/wordpress-confirm-data-plugin-1-0-7-unauth-server-side-request-forgery-ssrf-vulnerability?_s_id=cve"
},
{
"tags": [
"vdb-entry",
"x_transferred"
],
"url": "https://patchstack.com/database/vulnerability/amp-toolbox/wordpress-amp-toolbox-plugin-2-1-1-server-side-request-forgery-ssrf?_s_id=cve"
},
{
"tags": [
"vdb-entry",
"x_transferred"
],
"url": "https://patchstack.com/database/vulnerability/admin-css-mu/wordpress-admin-css-mu-plugin-2-6-server-side-request-forgery-ssrf-vulnerability?_s_id=cve"
}
],
"title": "CVE Program Container"
},
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2022-40700",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "yes"
},
{
"Technical Impact": "total"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-11-13T17:39:55.482326Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2024-11-13T17:40:07.080Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"collectionURL": "https://wordpress.org/plugins",
"defaultStatus": "unaffected",
"packageName": "montonio-for-woocommerce",
"product": "Montonio for WooCommerce",
"vendor": "Montonio",
"versions": [
{
"changes": [
{
"at": "6.0.2",
"status": "unaffected"
}
],
"lessThanOrEqual": "6.0.1",
"status": "affected",
"version": "n/a",
"versionType": "custom"
}
]
},
{
"collectionURL": "https://wordpress.org/plugins",
"defaultStatus": "unaffected",
"packageName": "wpopal-core-features",
"product": "Wpopal Core Features",
"vendor": "Wpopal",
"versions": [
{
"lessThanOrEqual": "1.5.8",
"status": "affected",
"version": "n/a",
"versionType": "custom"
}
]
},
{
"collectionURL": "https://wordpress.org/plugins",
"defaultStatus": "unaffected",
"packageName": "wp-amo",
"product": "ArcStone",
"vendor": "AMO for WP \u2013 Membership Management",
"versions": [
{
"lessThanOrEqual": "4.6.6",
"status": "affected",
"version": "n/a",
"versionType": "custom"
}
]
},
{
"collectionURL": "https://wordpress.org/plugins",
"defaultStatus": "unaffected",
"packageName": "woovirtualwallet",
"product": "WooVirtualWallet \u2013 A virtual wallet for WooCommerce",
"vendor": "Long Watch Studio",
"versions": [
{
"lessThanOrEqual": "2.2.1",
"status": "affected",
"version": "n/a",
"versionType": "custom"
}
]
},
{
"collectionURL": "https://wordpress.org/plugins",
"defaultStatus": "unaffected",
"packageName": "woovip",
"product": "WooVIP \u2013 Membership plugin for WordPress and WooCommerce",
"vendor": "Long Watch Studio",
"versions": [
{
"lessThanOrEqual": "1.4.4",
"status": "affected",
"version": "n/a",
"versionType": "custom"
}
]
},
{
"collectionURL": "https://wordpress.org/plugins",
"defaultStatus": "unaffected",
"packageName": "woosupply",
"product": "WooSupply \u2013 Suppliers, Supply Orders and Stock Management",
"vendor": "Long Watch Studio",
"versions": [
{
"lessThanOrEqual": "1.2.2",
"status": "affected",
"version": "n/a",
"versionType": "custom"
}
]
},
{
"collectionURL": "https://wordpress.org/plugins",
"defaultStatus": "unaffected",
"packageName": "theme-minifier",
"product": "Theme Minifier",
"vendor": "Squidesma",
"versions": [
{
"lessThanOrEqual": "2.0",
"status": "affected",
"version": "n/a",
"versionType": "custom"
}
]
},
{
"collectionURL": "https://wordpress.org/plugins",
"defaultStatus": "unaffected",
"packageName": "styles",
"product": "Styles",
"vendor": "Paul Clark",
"versions": [
{
"lessThanOrEqual": "1.2.3",
"status": "affected",
"version": "n/a",
"versionType": "custom"
}
]
},
{
"collectionURL": "https://wordpress.org/plugins",
"defaultStatus": "unaffected",
"packageName": "qards-free",
"product": "WordPress Page Builder \u2013 Qards",
"vendor": "Designmodo Inc.",
"versions": [
{
"lessThanOrEqual": "1.0.5",
"status": "affected",
"version": "n/a",
"versionType": "custom"
}
]
},
{
"collectionURL": "https://wordpress.org/plugins",
"defaultStatus": "unaffected",
"packageName": "phpfreechat",
"product": "PHPFreeChat",
"vendor": "Philip M. Hofer (Frumph)",
"versions": [
{
"lessThanOrEqual": "0.2.8",
"status": "affected",
"version": "n/a",
"versionType": "custom"
}
]
},
{
"collectionURL": "https://wordpress.org/plugins",
"defaultStatus": "unaffected",
"packageName": "custom-login-admin-front-end-css-with-multisite-support",
"product": "Custom Login Admin Front-end CSS",
"vendor": "Arun Basil Lal",
"versions": [
{
"changes": [
{
"at": "1.5",
"status": "unaffected"
}
],
"lessThanOrEqual": "1.4.1",
"status": "affected",
"version": "n/a",
"versionType": "custom"
}
]
},
{
"collectionURL": "https://wordpress.org/plugins",
"defaultStatus": "unaffected",
"packageName": "css-adder-by-agence-press",
"product": "CSS Adder By Agence-Press",
"vendor": "Team Agence-Press",
"versions": [
{
"lessThanOrEqual": "1.5.0",
"status": "affected",
"version": "n/a",
"versionType": "custom"
}
]
},
{
"collectionURL": "https://wordpress.org/plugins",
"defaultStatus": "unaffected",
"packageName": "confirm-data",
"product": "Confirm Data",
"vendor": "Unihost",
"versions": [
{
"lessThanOrEqual": "1.0.7",
"status": "affected",
"version": "n/a",
"versionType": "custom"
}
]
},
{
"collectionURL": "https://wordpress.org/plugins",
"defaultStatus": "unaffected",
"packageName": "amp-toolbox",
"product": "AMP Toolbox",
"vendor": "deano1987",
"versions": [
{
"lessThanOrEqual": "2.1.1",
"status": "affected",
"version": "n/a",
"versionType": "custom"
}
]
},
{
"collectionURL": "https://wordpress.org/plugins",
"defaultStatus": "unaffected",
"packageName": "admin-css-mu",
"product": "Admin CSS MU",
"vendor": "Arun Basil Lal",
"versions": [
{
"changes": [
{
"at": "2.7",
"status": "unaffected"
}
],
"lessThanOrEqual": "2.6",
"status": "affected",
"version": "n/a",
"versionType": "custom"
}
]
}
],
"credits": [
{
"lang": "en",
"type": "finder",
"user": "00000000-0000-4000-9000-000000000000",
"value": "Dave Jong (Patchstack)"
}
],
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "Server-Side Request Forgery (SSRF) vulnerability in Montonio Montonio for WooCommerce, Wpopal Wpopal Core Features, AMO for WP \u2013 Membership Management ArcStone wp-amo, Long Watch Studio WooVirtualWallet \u2013 A virtual wallet for WooCommerce, Long Watch Studio WooVIP \u2013 Membership plugin for WordPress and WooCommerce, Long Watch Studio WooSupply \u2013 Suppliers, Supply Orders and Stock Management, Squidesma Theme Minifier, Paul Clark Styles styles, Designmodo Inc. WordPress Page Builder \u2013 Qards, Philip M. Hofer (Frumph) PHPFreeChat, Arun Basil Lal Custom Login Admin Front-end CSS, Team Agence-Press CSS Adder By Agence-Press, Unihost Confirm Data, deano1987 AMP Toolbox amp-toolbox, Arun Basil Lal Admin CSS MU.\u003cp\u003eThis issue affects Montonio for WooCommerce: from n/a through 6.0.1; Wpopal Core Features: from n/a through 1.5.8; ArcStone: from n/a through 4.6.6; WooVirtualWallet \u2013 A virtual wallet for WooCommerce: from n/a through 2.2.1; WooVIP \u2013 Membership plugin for WordPress and WooCommerce: from n/a through 1.4.4; WooSupply \u2013 Suppliers, Supply Orders and Stock Management: from n/a through 1.2.2; Theme Minifier: from n/a through 2.0; Styles: from n/a through 1.2.3; WordPress Page Builder \u2013 Qards: from n/a through 1.0.5; PHPFreeChat: from n/a through 0.2.8; Custom Login Admin Front-end CSS: from n/a through 1.4.1; CSS Adder By Agence-Press: from n/a through 1.5.0; Confirm Data: from n/a through 1.0.7; AMP Toolbox: from n/a through 2.1.1; Admin CSS MU: from n/a through 2.6.\u003c/p\u003e"
}
],
"value": "Server-Side Request Forgery (SSRF) vulnerability in Montonio Montonio for WooCommerce, Wpopal Wpopal Core Features, AMO for WP \u2013 Membership Management ArcStone wp-amo, Long Watch Studio WooVirtualWallet \u2013 A virtual wallet for WooCommerce, Long Watch Studio WooVIP \u2013 Membership plugin for WordPress and WooCommerce, Long Watch Studio WooSupply \u2013 Suppliers, Supply Orders and Stock Management, Squidesma Theme Minifier, Paul Clark Styles styles, Designmodo Inc. WordPress Page Builder \u2013 Qards, Philip M. Hofer (Frumph) PHPFreeChat, Arun Basil Lal Custom Login Admin Front-end CSS, Team Agence-Press CSS Adder By Agence-Press, Unihost Confirm Data, deano1987 AMP Toolbox amp-toolbox, Arun Basil Lal Admin CSS MU.This issue affects Montonio for WooCommerce: from n/a through 6.0.1; Wpopal Core Features: from n/a through 1.5.8; ArcStone: from n/a through 4.6.6; WooVirtualWallet \u2013 A virtual wallet for WooCommerce: from n/a through 2.2.1; WooVIP \u2013 Membership plugin for WordPress and WooCommerce: from n/a through 1.4.4; WooSupply \u2013 Suppliers, Supply Orders and Stock Management: from n/a through 1.2.2; Theme Minifier: from n/a through 2.0; Styles: from n/a through 1.2.3; WordPress Page Builder \u2013 Qards: from n/a through 1.0.5; PHPFreeChat: from n/a through 0.2.8; Custom Login Admin Front-end CSS: from n/a through 1.4.1; CSS Adder By Agence-Press: from n/a through 1.5.0; Confirm Data: from n/a through 1.0.7; AMP Toolbox: from n/a through 2.1.1; Admin CSS MU: from n/a through 2.6.\n\n"
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 8.2,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "LOW",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:L/A:N",
"version": "3.1"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-918",
"description": "CWE-918 Server-Side Request Forgery (SSRF)",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2024-01-19T14:30:11.427Z",
"orgId": "21595511-bba5-4825-b968-b78d1f9984a3",
"shortName": "Patchstack"
},
"references": [
{
"tags": [
"vdb-entry"
],
"url": "https://patchstack.com/database/vulnerability/montonio-for-woocommerce/wordpress-montonio-for-woocommerce-plugin-6-0-1-server-side-request-forgery-ssrf?_s_id=cve"
},
{
"tags": [
"vdb-entry"
],
"url": "https://patchstack.com/database/vulnerability/wpopal-core-features/wordpress-wpopal-core-features-plugin-1-5-7-server-side-request-forgery-ssrf?_s_id=cve"
},
{
"tags": [
"vdb-entry"
],
"url": "https://patchstack.com/database/vulnerability/wp-amo/wordpress-amo-for-wp-plugin-4-6-6-server-side-request-forgery-ssrf?_s_id=cve"
},
{
"tags": [
"vdb-entry"
],
"url": "https://patchstack.com/database/vulnerability/woovirtualwallet/wordpress-woovirtualwallet-plugin-2-2-1-server-side-request-forgery-ssrf?_s_id=cve"
},
{
"tags": [
"vdb-entry"
],
"url": "https://patchstack.com/database/vulnerability/woovip/wordpress-woovip-plugin-1-4-4-server-side-request-forgery-ssrf?_s_id=cve"
},
{
"tags": [
"vdb-entry"
],
"url": "https://patchstack.com/database/vulnerability/woosupply/wordpress-woosupply-plugin-1-2-2-server-side-request-forgery-ssrf?_s_id=cve"
},
{
"tags": [
"vdb-entry"
],
"url": "https://patchstack.com/database/vulnerability/theme-minifier/wordpress-theme-minifier-plugin-2-0-server-side-request-forgery-ssrf?_s_id=cve"
},
{
"tags": [
"vdb-entry"
],
"url": "https://patchstack.com/database/vulnerability/styles/wordpress-styles-plugin-1-2-3-server-side-request-forgery-ssrf?_s_id=cve"
},
{
"tags": [
"vdb-entry"
],
"url": "https://patchstack.com/database/vulnerability/qards-free/wordpress-wordpress-page-builder-qards-plugin-1-0-5-server-side-request-forgery-ssrf?_s_id=cve"
},
{
"tags": [
"vdb-entry"
],
"url": "https://patchstack.com/database/vulnerability/phpfreechat/wordpress-phpfreechat-plugin-0-2-8-server-side-request-forgery-ssrf?_s_id=cve"
},
{
"tags": [
"vdb-entry"
],
"url": "https://patchstack.com/database/vulnerability/custom-login-admin-front-end-css-with-multisite-support/wordpress-custom-login-admin-front-end-css-plugin-1-4-1-server-side-request-forgery-ssrf?_s_id=cve"
},
{
"tags": [
"vdb-entry"
],
"url": "https://patchstack.com/database/vulnerability/css-adder-by-agence-press/wordpress-css-adder-by-agene-press-plugin-1-5-0-server-side-request-forgery-ssrf?_s_id=cve"
},
{
"tags": [
"vdb-entry"
],
"url": "https://patchstack.com/database/vulnerability/confirm-data/wordpress-confirm-data-plugin-1-0-7-unauth-server-side-request-forgery-ssrf-vulnerability?_s_id=cve"
},
{
"tags": [
"vdb-entry"
],
"url": "https://patchstack.com/database/vulnerability/amp-toolbox/wordpress-amp-toolbox-plugin-2-1-1-server-side-request-forgery-ssrf?_s_id=cve"
},
{
"tags": [
"vdb-entry"
],
"url": "https://patchstack.com/database/vulnerability/admin-css-mu/wordpress-admin-css-mu-plugin-2-6-server-side-request-forgery-ssrf-vulnerability?_s_id=cve"
}
],
"solutions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "Update Montonio for WooCommerce to 6.0.2 or a higher version.\u003cbr\u003eUpdate Custom Login Admin Front-end CSS to 1.5 or a higher version.\u003cbr\u003eUpdate Admin CSS MU to 2.7 or a higher version\u003cbr\u003e"
}
],
"value": "Update Montonio for WooCommerce to 6.0.2 or a higher version.\nUpdate Custom Login Admin Front-end CSS to 1.5 or a higher version.\nUpdate Admin CSS MU to 2.7 or a higher version\n"
}
],
"source": {
"discovery": "EXTERNAL"
},
"title": "Server Side Request Forgery (SSRF) vulnerability affecting multiple WordPress plugins",
"x_generator": {
"engine": "Vulnogram 0.1.0-dev"
}
}
},
"cveMetadata": {
"assignerOrgId": "21595511-bba5-4825-b968-b78d1f9984a3",
"assignerShortName": "Patchstack",
"cveId": "CVE-2022-40700",
"datePublished": "2024-01-19T14:30:11.427Z",
"dateReserved": "2022-09-27T08:42:32.033Z",
"dateUpdated": "2024-11-13T17:40:07.080Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1",
"vulnerability-lookup:meta": {
"vulnrichment": {
"containers": "{\"adp\": [{\"title\": \"CVE Program Container\", \"references\": [{\"url\": \"https://patchstack.com/database/vulnerability/montonio-for-woocommerce/wordpress-montonio-for-woocommerce-plugin-6-0-1-server-side-request-forgery-ssrf?_s_id=cve\", \"tags\": [\"vdb-entry\", \"x_transferred\"]}, {\"url\": \"https://patchstack.com/database/vulnerability/wpopal-core-features/wordpress-wpopal-core-features-plugin-1-5-7-server-side-request-forgery-ssrf?_s_id=cve\", \"tags\": [\"vdb-entry\", \"x_transferred\"]}, {\"url\": \"https://patchstack.com/database/vulnerability/wp-amo/wordpress-amo-for-wp-plugin-4-6-6-server-side-request-forgery-ssrf?_s_id=cve\", \"tags\": [\"vdb-entry\", \"x_transferred\"]}, {\"url\": \"https://patchstack.com/database/vulnerability/woovirtualwallet/wordpress-woovirtualwallet-plugin-2-2-1-server-side-request-forgery-ssrf?_s_id=cve\", \"tags\": [\"vdb-entry\", \"x_transferred\"]}, {\"url\": \"https://patchstack.com/database/vulnerability/woovip/wordpress-woovip-plugin-1-4-4-server-side-request-forgery-ssrf?_s_id=cve\", \"tags\": [\"vdb-entry\", \"x_transferred\"]}, {\"url\": \"https://patchstack.com/database/vulnerability/woosupply/wordpress-woosupply-plugin-1-2-2-server-side-request-forgery-ssrf?_s_id=cve\", \"tags\": [\"vdb-entry\", \"x_transferred\"]}, {\"url\": \"https://patchstack.com/database/vulnerability/theme-minifier/wordpress-theme-minifier-plugin-2-0-server-side-request-forgery-ssrf?_s_id=cve\", \"tags\": [\"vdb-entry\", \"x_transferred\"]}, {\"url\": \"https://patchstack.com/database/vulnerability/styles/wordpress-styles-plugin-1-2-3-server-side-request-forgery-ssrf?_s_id=cve\", \"tags\": [\"vdb-entry\", \"x_transferred\"]}, {\"url\": \"https://patchstack.com/database/vulnerability/qards-free/wordpress-wordpress-page-builder-qards-plugin-1-0-5-server-side-request-forgery-ssrf?_s_id=cve\", \"tags\": [\"vdb-entry\", \"x_transferred\"]}, {\"url\": \"https://patchstack.com/database/vulnerability/phpfreechat/wordpress-phpfreechat-plugin-0-2-8-server-side-request-forgery-ssrf?_s_id=cve\", \"tags\": [\"vdb-entry\", \"x_transferred\"]}, {\"url\": \"https://patchstack.com/database/vulnerability/custom-login-admin-front-end-css-with-multisite-support/wordpress-custom-login-admin-front-end-css-plugin-1-4-1-server-side-request-forgery-ssrf?_s_id=cve\", \"tags\": [\"vdb-entry\", \"x_transferred\"]}, {\"url\": \"https://patchstack.com/database/vulnerability/css-adder-by-agence-press/wordpress-css-adder-by-agene-press-plugin-1-5-0-server-side-request-forgery-ssrf?_s_id=cve\", \"tags\": [\"vdb-entry\", \"x_transferred\"]}, {\"url\": \"https://patchstack.com/database/vulnerability/confirm-data/wordpress-confirm-data-plugin-1-0-7-unauth-server-side-request-forgery-ssrf-vulnerability?_s_id=cve\", \"tags\": [\"vdb-entry\", \"x_transferred\"]}, {\"url\": \"https://patchstack.com/database/vulnerability/amp-toolbox/wordpress-amp-toolbox-plugin-2-1-1-server-side-request-forgery-ssrf?_s_id=cve\", \"tags\": [\"vdb-entry\", \"x_transferred\"]}, {\"url\": \"https://patchstack.com/database/vulnerability/admin-css-mu/wordpress-admin-css-mu-plugin-2-6-server-side-request-forgery-ssrf-vulnerability?_s_id=cve\", \"tags\": [\"vdb-entry\", \"x_transferred\"]}], \"providerMetadata\": {\"orgId\": \"af854a3a-2127-422b-91ae-364da2661108\", \"shortName\": \"CVE\", \"dateUpdated\": \"2024-08-03T12:21:46.616Z\"}}, {\"title\": \"CISA ADP Vulnrichment\", \"metrics\": [{\"other\": {\"type\": \"ssvc\", \"content\": {\"id\": \"CVE-2022-40700\", \"role\": \"CISA Coordinator\", \"options\": [{\"Exploitation\": \"none\"}, {\"Automatable\": \"yes\"}, {\"Technical Impact\": \"total\"}], \"version\": \"2.0.3\", \"timestamp\": \"2024-11-13T17:39:55.482326Z\"}}}], \"providerMetadata\": {\"orgId\": \"134c704f-9b21-4f2e-91b3-4a467353bcc0\", \"shortName\": \"CISA-ADP\", \"dateUpdated\": \"2024-11-13T17:40:03.390Z\"}}], \"cna\": {\"title\": \"Server Side Request Forgery (SSRF) vulnerability affecting multiple WordPress plugins\", \"source\": {\"discovery\": \"EXTERNAL\"}, \"credits\": [{\"lang\": \"en\", \"type\": \"finder\", \"user\": \"00000000-0000-4000-9000-000000000000\", \"value\": \"Dave Jong (Patchstack)\"}], \"metrics\": [{\"format\": \"CVSS\", \"cvssV3_1\": {\"scope\": \"UNCHANGED\", \"version\": \"3.1\", \"baseScore\": 8.2, \"attackVector\": \"NETWORK\", \"baseSeverity\": \"HIGH\", \"vectorString\": \"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:L/A:N\", \"integrityImpact\": \"LOW\", \"userInteraction\": \"NONE\", \"attackComplexity\": \"LOW\", \"availabilityImpact\": \"NONE\", \"privilegesRequired\": \"NONE\", \"confidentialityImpact\": \"HIGH\"}, \"scenarios\": [{\"lang\": \"en\", \"value\": \"GENERAL\"}]}], \"affected\": [{\"vendor\": \"Montonio\", \"product\": \"Montonio for WooCommerce\", \"versions\": [{\"status\": \"affected\", \"changes\": [{\"at\": \"6.0.2\", \"status\": \"unaffected\"}], \"version\": \"n/a\", \"versionType\": \"custom\", \"lessThanOrEqual\": \"6.0.1\"}], \"packageName\": \"montonio-for-woocommerce\", \"collectionURL\": \"https://wordpress.org/plugins\", \"defaultStatus\": \"unaffected\"}, {\"vendor\": \"Wpopal\", \"product\": \"Wpopal Core Features\", \"versions\": [{\"status\": \"affected\", \"version\": \"n/a\", \"versionType\": \"custom\", \"lessThanOrEqual\": \"1.5.8\"}], \"packageName\": \"wpopal-core-features\", \"collectionURL\": \"https://wordpress.org/plugins\", \"defaultStatus\": \"unaffected\"}, {\"vendor\": \"AMO for WP \\u2013 Membership Management\", \"product\": \"ArcStone\", \"versions\": [{\"status\": \"affected\", \"version\": \"n/a\", \"versionType\": \"custom\", \"lessThanOrEqual\": \"4.6.6\"}], \"packageName\": \"wp-amo\", \"collectionURL\": \"https://wordpress.org/plugins\", \"defaultStatus\": \"unaffected\"}, {\"vendor\": \"Long Watch Studio\", \"product\": \"WooVirtualWallet \\u2013 A virtual wallet for WooCommerce\", \"versions\": [{\"status\": \"affected\", \"version\": \"n/a\", \"versionType\": \"custom\", \"lessThanOrEqual\": \"2.2.1\"}], \"packageName\": \"woovirtualwallet\", \"collectionURL\": \"https://wordpress.org/plugins\", \"defaultStatus\": \"unaffected\"}, {\"vendor\": \"Long Watch Studio\", \"product\": \"WooVIP \\u2013 Membership plugin for WordPress and WooCommerce\", \"versions\": [{\"status\": \"affected\", \"version\": \"n/a\", \"versionType\": \"custom\", \"lessThanOrEqual\": \"1.4.4\"}], \"packageName\": \"woovip\", \"collectionURL\": \"https://wordpress.org/plugins\", \"defaultStatus\": \"unaffected\"}, {\"vendor\": \"Long Watch Studio\", \"product\": \"WooSupply \\u2013 Suppliers, Supply Orders and Stock Management\", \"versions\": [{\"status\": \"affected\", \"version\": \"n/a\", \"versionType\": \"custom\", \"lessThanOrEqual\": \"1.2.2\"}], \"packageName\": \"woosupply\", \"collectionURL\": \"https://wordpress.org/plugins\", \"defaultStatus\": \"unaffected\"}, {\"vendor\": \"Squidesma\", \"product\": \"Theme Minifier\", \"versions\": [{\"status\": \"affected\", \"version\": \"n/a\", \"versionType\": \"custom\", \"lessThanOrEqual\": \"2.0\"}], \"packageName\": \"theme-minifier\", \"collectionURL\": \"https://wordpress.org/plugins\", \"defaultStatus\": \"unaffected\"}, {\"vendor\": \"Paul Clark\", \"product\": \"Styles\", \"versions\": [{\"status\": \"affected\", \"version\": \"n/a\", \"versionType\": \"custom\", \"lessThanOrEqual\": \"1.2.3\"}], \"packageName\": \"styles\", \"collectionURL\": \"https://wordpress.org/plugins\", \"defaultStatus\": \"unaffected\"}, {\"vendor\": \"Designmodo Inc.\", \"product\": \"WordPress Page Builder \\u2013 Qards\", \"versions\": [{\"status\": \"affected\", \"version\": \"n/a\", \"versionType\": \"custom\", \"lessThanOrEqual\": \"1.0.5\"}], \"packageName\": \"qards-free\", \"collectionURL\": \"https://wordpress.org/plugins\", \"defaultStatus\": \"unaffected\"}, {\"vendor\": \"Philip M. Hofer (Frumph)\", \"product\": \"PHPFreeChat\", \"versions\": [{\"status\": \"affected\", \"version\": \"n/a\", \"versionType\": \"custom\", \"lessThanOrEqual\": \"0.2.8\"}], \"packageName\": \"phpfreechat\", \"collectionURL\": \"https://wordpress.org/plugins\", \"defaultStatus\": \"unaffected\"}, {\"vendor\": \"Arun Basil Lal\", \"product\": \"Custom Login Admin Front-end CSS\", \"versions\": [{\"status\": \"affected\", \"changes\": [{\"at\": \"1.5\", \"status\": \"unaffected\"}], \"version\": \"n/a\", \"versionType\": \"custom\", \"lessThanOrEqual\": \"1.4.1\"}], \"packageName\": \"custom-login-admin-front-end-css-with-multisite-support\", \"collectionURL\": \"https://wordpress.org/plugins\", \"defaultStatus\": \"unaffected\"}, {\"vendor\": \"Team Agence-Press\", \"product\": \"CSS Adder By Agence-Press\", \"versions\": [{\"status\": \"affected\", \"version\": \"n/a\", \"versionType\": \"custom\", \"lessThanOrEqual\": \"1.5.0\"}], \"packageName\": \"css-adder-by-agence-press\", \"collectionURL\": \"https://wordpress.org/plugins\", \"defaultStatus\": \"unaffected\"}, {\"vendor\": \"Unihost\", \"product\": \"Confirm Data\", \"versions\": [{\"status\": \"affected\", \"version\": \"n/a\", \"versionType\": \"custom\", \"lessThanOrEqual\": \"1.0.7\"}], \"packageName\": \"confirm-data\", \"collectionURL\": \"https://wordpress.org/plugins\", \"defaultStatus\": \"unaffected\"}, {\"vendor\": \"deano1987\", \"product\": \"AMP Toolbox\", \"versions\": [{\"status\": \"affected\", \"version\": \"n/a\", \"versionType\": \"custom\", \"lessThanOrEqual\": \"2.1.1\"}], \"packageName\": \"amp-toolbox\", \"collectionURL\": \"https://wordpress.org/plugins\", \"defaultStatus\": \"unaffected\"}, {\"vendor\": \"Arun Basil Lal\", \"product\": \"Admin CSS MU\", \"versions\": [{\"status\": \"affected\", \"changes\": [{\"at\": \"2.7\", \"status\": \"unaffected\"}], \"version\": \"n/a\", \"versionType\": \"custom\", \"lessThanOrEqual\": \"2.6\"}], \"packageName\": \"admin-css-mu\", \"collectionURL\": \"https://wordpress.org/plugins\", \"defaultStatus\": \"unaffected\"}], \"solutions\": [{\"lang\": \"en\", \"value\": \"Update Montonio for WooCommerce to 6.0.2 or a higher version.\\nUpdate Custom Login Admin Front-end CSS to 1.5 or a higher version.\\nUpdate Admin CSS MU to 2.7 or a higher version\\n\", \"supportingMedia\": [{\"type\": \"text/html\", \"value\": \"Update Montonio for WooCommerce to 6.0.2 or a higher version.\u003cbr\u003eUpdate Custom Login Admin Front-end CSS to 1.5 or a higher version.\u003cbr\u003eUpdate Admin CSS MU to 2.7 or a higher version\u003cbr\u003e\", \"base64\": false}]}], \"references\": [{\"url\": \"https://patchstack.com/database/vulnerability/montonio-for-woocommerce/wordpress-montonio-for-woocommerce-plugin-6-0-1-server-side-request-forgery-ssrf?_s_id=cve\", \"tags\": [\"vdb-entry\"]}, {\"url\": \"https://patchstack.com/database/vulnerability/wpopal-core-features/wordpress-wpopal-core-features-plugin-1-5-7-server-side-request-forgery-ssrf?_s_id=cve\", \"tags\": [\"vdb-entry\"]}, {\"url\": \"https://patchstack.com/database/vulnerability/wp-amo/wordpress-amo-for-wp-plugin-4-6-6-server-side-request-forgery-ssrf?_s_id=cve\", \"tags\": [\"vdb-entry\"]}, {\"url\": \"https://patchstack.com/database/vulnerability/woovirtualwallet/wordpress-woovirtualwallet-plugin-2-2-1-server-side-request-forgery-ssrf?_s_id=cve\", \"tags\": [\"vdb-entry\"]}, {\"url\": \"https://patchstack.com/database/vulnerability/woovip/wordpress-woovip-plugin-1-4-4-server-side-request-forgery-ssrf?_s_id=cve\", \"tags\": [\"vdb-entry\"]}, {\"url\": \"https://patchstack.com/database/vulnerability/woosupply/wordpress-woosupply-plugin-1-2-2-server-side-request-forgery-ssrf?_s_id=cve\", \"tags\": [\"vdb-entry\"]}, {\"url\": \"https://patchstack.com/database/vulnerability/theme-minifier/wordpress-theme-minifier-plugin-2-0-server-side-request-forgery-ssrf?_s_id=cve\", \"tags\": [\"vdb-entry\"]}, {\"url\": \"https://patchstack.com/database/vulnerability/styles/wordpress-styles-plugin-1-2-3-server-side-request-forgery-ssrf?_s_id=cve\", \"tags\": [\"vdb-entry\"]}, {\"url\": \"https://patchstack.com/database/vulnerability/qards-free/wordpress-wordpress-page-builder-qards-plugin-1-0-5-server-side-request-forgery-ssrf?_s_id=cve\", \"tags\": [\"vdb-entry\"]}, {\"url\": \"https://patchstack.com/database/vulnerability/phpfreechat/wordpress-phpfreechat-plugin-0-2-8-server-side-request-forgery-ssrf?_s_id=cve\", \"tags\": [\"vdb-entry\"]}, {\"url\": \"https://patchstack.com/database/vulnerability/custom-login-admin-front-end-css-with-multisite-support/wordpress-custom-login-admin-front-end-css-plugin-1-4-1-server-side-request-forgery-ssrf?_s_id=cve\", \"tags\": [\"vdb-entry\"]}, {\"url\": \"https://patchstack.com/database/vulnerability/css-adder-by-agence-press/wordpress-css-adder-by-agene-press-plugin-1-5-0-server-side-request-forgery-ssrf?_s_id=cve\", \"tags\": [\"vdb-entry\"]}, {\"url\": \"https://patchstack.com/database/vulnerability/confirm-data/wordpress-confirm-data-plugin-1-0-7-unauth-server-side-request-forgery-ssrf-vulnerability?_s_id=cve\", \"tags\": [\"vdb-entry\"]}, {\"url\": \"https://patchstack.com/database/vulnerability/amp-toolbox/wordpress-amp-toolbox-plugin-2-1-1-server-side-request-forgery-ssrf?_s_id=cve\", \"tags\": [\"vdb-entry\"]}, {\"url\": \"https://patchstack.com/database/vulnerability/admin-css-mu/wordpress-admin-css-mu-plugin-2-6-server-side-request-forgery-ssrf-vulnerability?_s_id=cve\", \"tags\": [\"vdb-entry\"]}], \"x_generator\": {\"engine\": \"Vulnogram 0.1.0-dev\"}, \"descriptions\": [{\"lang\": \"en\", \"value\": \"Server-Side Request Forgery (SSRF) vulnerability in Montonio Montonio for WooCommerce, Wpopal Wpopal Core Features, AMO for WP \\u2013 Membership Management ArcStone wp-amo, Long Watch Studio WooVirtualWallet \\u2013 A virtual wallet for WooCommerce, Long Watch Studio WooVIP \\u2013 Membership plugin for WordPress and WooCommerce, Long Watch Studio WooSupply \\u2013 Suppliers, Supply Orders and Stock Management, Squidesma Theme Minifier, Paul Clark Styles styles, Designmodo Inc. WordPress Page Builder \\u2013 Qards, Philip M. Hofer (Frumph) PHPFreeChat, Arun Basil Lal Custom Login Admin Front-end CSS, Team Agence-Press CSS Adder By Agence-Press, Unihost Confirm Data, deano1987 AMP Toolbox amp-toolbox, Arun Basil Lal Admin CSS MU.This issue affects Montonio for WooCommerce: from n/a through 6.0.1; Wpopal Core Features: from n/a through 1.5.8; ArcStone: from n/a through 4.6.6; WooVirtualWallet \\u2013 A virtual wallet for WooCommerce: from n/a through 2.2.1; WooVIP \\u2013 Membership plugin for WordPress and WooCommerce: from n/a through 1.4.4; WooSupply \\u2013 Suppliers, Supply Orders and Stock Management: from n/a through 1.2.2; Theme Minifier: from n/a through 2.0; Styles: from n/a through 1.2.3; WordPress Page Builder \\u2013 Qards: from n/a through 1.0.5; PHPFreeChat: from n/a through 0.2.8; Custom Login Admin Front-end CSS: from n/a through 1.4.1; CSS Adder By Agence-Press: from n/a through 1.5.0; Confirm Data: from n/a through 1.0.7; AMP Toolbox: from n/a through 2.1.1; Admin CSS MU: from n/a through 2.6.\\n\\n\", \"supportingMedia\": [{\"type\": \"text/html\", \"value\": \"Server-Side Request Forgery (SSRF) vulnerability in Montonio Montonio for WooCommerce, Wpopal Wpopal Core Features, AMO for WP \\u2013 Membership Management ArcStone wp-amo, Long Watch Studio WooVirtualWallet \\u2013 A virtual wallet for WooCommerce, Long Watch Studio WooVIP \\u2013 Membership plugin for WordPress and WooCommerce, Long Watch Studio WooSupply \\u2013 Suppliers, Supply Orders and Stock Management, Squidesma Theme Minifier, Paul Clark Styles styles, Designmodo Inc. WordPress Page Builder \\u2013 Qards, Philip M. Hofer (Frumph) PHPFreeChat, Arun Basil Lal Custom Login Admin Front-end CSS, Team Agence-Press CSS Adder By Agence-Press, Unihost Confirm Data, deano1987 AMP Toolbox amp-toolbox, Arun Basil Lal Admin CSS MU.\u003cp\u003eThis issue affects Montonio for WooCommerce: from n/a through 6.0.1; Wpopal Core Features: from n/a through 1.5.8; ArcStone: from n/a through 4.6.6; WooVirtualWallet \\u2013 A virtual wallet for WooCommerce: from n/a through 2.2.1; WooVIP \\u2013 Membership plugin for WordPress and WooCommerce: from n/a through 1.4.4; WooSupply \\u2013 Suppliers, Supply Orders and Stock Management: from n/a through 1.2.2; Theme Minifier: from n/a through 2.0; Styles: from n/a through 1.2.3; WordPress Page Builder \\u2013 Qards: from n/a through 1.0.5; PHPFreeChat: from n/a through 0.2.8; Custom Login Admin Front-end CSS: from n/a through 1.4.1; CSS Adder By Agence-Press: from n/a through 1.5.0; Confirm Data: from n/a through 1.0.7; AMP Toolbox: from n/a through 2.1.1; Admin CSS MU: from n/a through 2.6.\u003c/p\u003e\", \"base64\": false}]}], \"problemTypes\": [{\"descriptions\": [{\"lang\": \"en\", \"type\": \"CWE\", \"cweId\": \"CWE-918\", \"description\": \"CWE-918 Server-Side Request Forgery (SSRF)\"}]}], \"providerMetadata\": {\"orgId\": \"21595511-bba5-4825-b968-b78d1f9984a3\", \"shortName\": \"Patchstack\", \"dateUpdated\": \"2024-01-19T14:30:11.427Z\"}}}",
"cveMetadata": "{\"cveId\": \"CVE-2022-40700\", \"state\": \"PUBLISHED\", \"dateUpdated\": \"2024-11-13T17:40:07.080Z\", \"dateReserved\": \"2022-09-27T08:42:32.033Z\", \"assignerOrgId\": \"21595511-bba5-4825-b968-b78d1f9984a3\", \"datePublished\": \"2024-01-19T14:30:11.427Z\", \"assignerShortName\": \"Patchstack\"}",
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
}
}
Loading…
Loading…
Sightings
| Author | Source | Type | Date |
|---|
Nomenclature
- Seen: The vulnerability was mentioned, discussed, or seen somewhere by the user.
- Confirmed: The vulnerability is confirmed from an analyst perspective.
- Published Proof of Concept: A public proof of concept is available for this vulnerability.
- Exploited: This vulnerability was exploited and seen by the user reporting the sighting.
- Patched: This vulnerability was successfully patched by the user reporting the sighting.
- Not exploited: This vulnerability was not exploited or seen by the user reporting the sighting.
- Not confirmed: The user expresses doubt about the veracity of the vulnerability.
- Not patched: This vulnerability was not successfully patched by the user reporting the sighting.
Loading…
Loading…