CVE-2022-40700

{"id": "CVE-2022-40700", "metrics": {"cvssMetricV31": [{"type": "Primary", "source": "nvd@nist.gov", "cvssData": {"scope": "UNCHANGED", "version": "3.1", "baseScore": 9.8, "attackVector": "NETWORK", "baseSeverity": "CRITICAL", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "integrityImpact": "HIGH", "userInteraction": "NONE", "attackComplexity": "LOW", "availabilityImpact": "HIGH", "privilegesRequired": "NONE", "confidentialityImpact": "HIGH"}, "impactScore": 5.9, "exploitabilityScore": 3.9}, {"type": "Secondary", "source": "audit@patchstack.com", "cvssData": {"scope": "UNCHANGED", "version": "3.1", "baseScore": 8.2, "attackVector": "NETWORK", "baseSeverity": "HIGH", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:L/A:N", "integrityImpact": "LOW", "userInteraction": "NONE", "attackComplexity": "LOW", "availabilityImpact": "NONE", "privilegesRequired": "NONE", "confidentialityImpact": "HIGH"}, "impactScore": 4.2, "exploitabilityScore": 3.9}]}, "published": "2024-01-19T15:15:08.020", "references": [{"url": "https://patchstack.com/database/vulnerability/admin-css-mu/wordpress-admin-css-mu-plugin-2-6-server-side-request-forgery-ssrf-vulnerability?_s_id=cve", "tags": ["Third Party Advisory"], "source": "audit@patchstack.com"}, {"url": "https://patchstack.com/database/vulnerability/amp-toolbox/wordpress-amp-toolbox-plugin-2-1-1-server-side-request-forgery-ssrf?_s_id=cve", "tags": ["Third Party Advisory"], "source": "audit@patchstack.com"}, {"url": "https://patchstack.com/database/vulnerability/confirm-data/wordpress-confirm-data-plugin-1-0-7-unauth-server-side-request-forgery-ssrf-vulnerability?_s_id=cve", "tags": ["Third Party Advisory"], "source": "audit@patchstack.com"}, {"url": "https://patchstack.com/database/vulnerability/css-adder-by-agence-press/wordpress-css-adder-by-agene-press-plugin-1-5-0-server-side-request-forgery-ssrf?_s_id=cve", "tags": ["Third Party Advisory"], "source": "audit@patchstack.com"}, {"url": "https://patchstack.com/database/vulnerability/custom-login-admin-front-end-css-with-multisite-support/wordpress-custom-login-admin-front-end-css-plugin-1-4-1-server-side-request-forgery-ssrf?_s_id=cve", "tags": ["Third Party Advisory"], "source": "audit@patchstack.com"}, {"url": "https://patchstack.com/database/vulnerability/montonio-for-woocommerce/wordpress-montonio-for-woocommerce-plugin-6-0-1-server-side-request-forgery-ssrf?_s_id=cve", "tags": ["Third Party Advisory"], "source": "audit@patchstack.com"}, {"url": "https://patchstack.com/database/vulnerability/phpfreechat/wordpress-phpfreechat-plugin-0-2-8-server-side-request-forgery-ssrf?_s_id=cve", "tags": ["Third Party Advisory"], "source": "audit@patchstack.com"}, {"url": "https://patchstack.com/database/vulnerability/qards-free/wordpress-wordpress-page-builder-qards-plugin-1-0-5-server-side-request-forgery-ssrf?_s_id=cve", "tags": ["Third Party Advisory"], "source": "audit@patchstack.com"}, {"url": "https://patchstack.com/database/vulnerability/styles/wordpress-styles-plugin-1-2-3-server-side-request-forgery-ssrf?_s_id=cve", "tags": ["Third Party Advisory"], "source": "audit@patchstack.com"}, {"url": "https://patchstack.com/database/vulnerability/theme-minifier/wordpress-theme-minifier-plugin-2-0-server-side-request-forgery-ssrf?_s_id=cve", "tags": ["Third Party Advisory"], "source": "audit@patchstack.com"}, {"url": "https://patchstack.com/database/vulnerability/woosupply/wordpress-woosupply-plugin-1-2-2-server-side-request-forgery-ssrf?_s_id=cve", "tags": ["Third Party Advisory"], "source": "audit@patchstack.com"}, {"url": "https://patchstack.com/database/vulnerability/woovip/wordpress-woovip-plugin-1-4-4-server-side-request-forgery-ssrf?_s_id=cve", "tags": ["Third Party Advisory"], "source": "audit@patchstack.com"}, {"url": "https://patchstack.com/database/vulnerability/woovirtualwallet/wordpress-woovirtualwallet-plugin-2-2-1-server-side-request-forgery-ssrf?_s_id=cve", "tags": ["Third Party Advisory"], "source": "audit@patchstack.com"}, {"url": "https://patchstack.com/database/vulnerability/wp-amo/wordpress-amo-for-wp-plugin-4-6-6-server-side-request-forgery-ssrf?_s_id=cve", "tags": ["Third Party Advisory"], "source": "audit@patchstack.com"}, {"url": "https://patchstack.com/database/vulnerability/wpopal-core-features/wordpress-wpopal-core-features-plugin-1-5-7-server-side-request-forgery-ssrf?_s_id=cve", "tags": ["Third Party Advisory"], "source": "audit@patchstack.com"}], "vulnStatus": "Analyzed", "weaknesses": [{"type": "Primary", "source": "audit@patchstack.com", "description": [{"lang": "en", "value": "CWE-918"}]}], "descriptions": [{"lang": "en", "value": "Server-Side Request Forgery (SSRF) vulnerability in Montonio Montonio for WooCommerce, Wpopal Wpopal Core Features, AMO for WP \u2013 Membership Management ArcStone wp-amo, Long Watch Studio WooVirtualWallet \u2013 A virtual wallet for WooCommerce, Long Watch Studio WooVIP \u2013 Membership plugin for WordPress and WooCommerce, Long Watch Studio WooSupply \u2013 Suppliers, Supply Orders and Stock Management, Squidesma Theme Minifier, Paul Clark Styles styles, Designmodo Inc. WordPress Page Builder \u2013 Qards, Philip M. Hofer (Frumph) PHPFreeChat, Arun Basil Lal Custom Login Admin Front-end CSS, Team Agence-Press CSS Adder By Agence-Press, Unihost Confirm Data, deano1987 AMP Toolbox amp-toolbox, Arun Basil Lal Admin CSS MU.This issue affects Montonio for WooCommerce: from n/a through 6.0.1; Wpopal Core Features: from n/a through 1.5.8; ArcStone: from n/a through 4.6.6; WooVirtualWallet \u2013 A virtual wallet for WooCommerce: from n/a through 2.2.1; WooVIP \u2013 Membership plugin for WordPress and WooCommerce: from n/a through 1.4.4; WooSupply \u2013 Suppliers, Supply Orders and Stock Management: from n/a through 1.2.2; Theme Minifier: from n/a through 2.0; Styles: from n/a through 1.2.3; WordPress Page Builder \u2013 Qards: from n/a through 1.0.5; PHPFreeChat: from n/a through 0.2.8; Custom Login Admin Front-end CSS: from n/a through 1.4.1; CSS Adder By Agence-Press: from n/a through 1.5.0; Confirm Data: from n/a through 1.0.7; AMP Toolbox: from n/a through 2.1.1; Admin CSS MU: from n/a through 2.6.\n\n"}, {"lang": "es", "value": "Vulnerabilidad de Server-Side Request Forgery (SSRF) en Montonio Montonio para WooCommerce, Wpopal Funciones principales de Wpopal, AMO para WP \u2013 Gesti\u00f3n de membres\u00eda ArcStone wp-amo, Long Watch Studio WooVirtualWallet \u2013 Una billetera virtual para WooCommerce, Long Watch Studio WooVIP \u2013 Complemento de membres\u00eda para WordPress y WooCommerce, Long Watch Studio WooSupply: proveedores, pedidos de suministro y gesti\u00f3n de existencias, Squidesma Theme Minifier, estilos Paul Clark Styles, Designmodo Inc. Creador de p\u00e1ginas de WordPress: Qards, Philip M. Hofer (Frumph) PHPFreeChat, Arun Basil Lal Administrador de inicio de sesi\u00f3n personalizado CSS front-end, Team Agence-Press CSS Adder de Agence-Press, Unihost Confirm Data, deano1987 AMP Toolbox amp-toolbox, Arun Basil Lal Admin CSS MU. Este problema afecta a Montonio para WooCommerce: desde n/a hasta 6.0.1; Funciones principales de Wpopal: desde n/a hasta 1.5.8; ArcStone: desde n/a hasta 4.6.6; WooVirtualWallet: una billetera virtual para WooCommerce: desde n/a hasta 2.2.1; WooVIP: complemento de membres\u00eda para WordPress y WooCommerce: desde n/a hasta 1.4.4; WooSupply \u2013 Proveedores, pedidos de suministro y gesti\u00f3n de existencias: desde n/a hasta 1.2.2; Minificador de temas: desde n/a hasta 2.0; Estilos: desde n/a hasta 1.2.3; Creador de p\u00e1ginas de WordPress \u2013 Qards: desde n/a hasta 1.0.5; PHPFreeChat: desde n/a hasta 0.2.8; CSS de front-end de administrador de inicio de sesi\u00f3n personalizado: desde n/a hasta 1.4.1; Complemento CSS de Agence-Press: desde n/a hasta 1.5.0; Confirmar datos: desde n/a hasta 1.0.7; Caja de herramientas AMP: desde n/a hasta 2.1.1; Administrador CSS MU: desde n/a hasta 2.6."}], "lastModified": "2024-01-30T23:03:18.550", "configurations": [{"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:a:millionclues:admin_css_mu:*:*:*:*:*:wordpress:*:*", "vulnerable": true, "matchCriteriaId": "43821B34-AEAD-4521-B37C-07314D2848A5", "versionEndIncluding": "2.6"}], "operator": "OR"}]}, {"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:a:deano:amp_toolbox:*:*:*:*:*:wordpress:*:*", "vulnerable": true, "matchCriteriaId": "F3BD4E77-8EE1-4F83-A080-A82E9EAC6A36", "versionEndIncluding": "2.1.1"}], "operator": "OR"}]}, {"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:a:unihost:confirm_data:*:*:*:*:*:wordpress:*:*", "vulnerable": true, "matchCriteriaId": "775615D7-1183-44BD-8E13-B18CC3F037B7", "versionEndIncluding": "1.0.7"}], "operator": "OR"}]}, {"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:a:agence-press:css_adder:*:*:*:*:*:wordpress:*:*", "vulnerable": true, "matchCriteriaId": "78AA1D24-7A86-41D5-A9E4-3CF586D91F52", "versionEndIncluding": "1.5.0"}], "operator": "OR"}]}, {"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:a:millionclues:custom_login_admin_front-end_css:*:*:*:*:*:wordpress:*:*", "vulnerable": true, "matchCriteriaId": "672D8FBE-F144-4BAF-B780-8234BB2D83D7", "versionEndIncluding": "1.4.1"}], "operator": "OR"}]}, {"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:a:montonio:montonio_for_woocommerce:*:*:*:*:*:wordpress:*:*", "vulnerable": true, "matchCriteriaId": "1A46D97F-01EA-43A4-AD82-1552112A2B82", "versionEndIncluding": "6.0.1"}], "operator": "OR"}]}, {"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:a:frumph:phpfreechat:*:*:*:*:*:wordpress:*:*", "vulnerable": true, "matchCriteriaId": "555CCA86-7B43-4F8D-9A71-3A92D34A8F43", "versionEndIncluding": "0.2.8"}], "operator": "OR"}]}, {"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:a:designmodo:qards:*:*:*:*:*:wordpress:*:*", "vulnerable": true, "matchCriteriaId": "054FCFA2-C643-441A-8D13-233980433E88", "versionEndIncluding": "1.0.5"}], "operator": "OR"}]}, {"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:a:paulclark:styles:*:*:*:*:*:wordpress:*:*", "vulnerable": true, "matchCriteriaId": "C4AF8EAE-53F6-4958-88AB-7DCEBCDFADF9", "versionEndIncluding": "1.2.3"}], "operator": "OR"}]}, {"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:a:squidesma:theme_minifier:*:*:*:*:*:wordpress:*:*", "vulnerable": true, "matchCriteriaId": "5ADA61B8-B05E-4608-B331-80769EADB458", "versionEndIncluding": "2.0"}], "operator": "OR"}]}, {"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:a:longwatchstudio:woosupply:*:*:*:*:*:wordpress:*:*", "vulnerable": true, "matchCriteriaId": "15F0C47E-D2B5-47A8-BD7E-592439EF2745", "versionEndIncluding": "1.2.2"}, {"criteria": "cpe:2.3:a:longwatchstudio:woovip:*:*:*:*:*:wordpress:*:*", "vulnerable": true, "matchCriteriaId": "D12B6939-0446-4C32-AA43-CE3D0052B9ED", "versionEndIncluding": "1.4.4"}, {"criteria": "cpe:2.3:a:longwatchstudio:woovirtualwallet:*:*:*:*:*:wordpress:*:*", "vulnerable": true, "matchCriteriaId": "EA71FDDC-0142-450E-9F0B-4609171BBE09", "versionEndIncluding": "2.2.1"}], "operator": "OR"}]}, {"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:a:arcstone:amo_for_wp_-_membership_management:*:*:*:*:*:wordpress:*:*", "vulnerable": true, "matchCriteriaId": "B893F859-596C-45AD-BE84-BE9FE35B2626", "versionEndIncluding": "4.6.6"}], "operator": "OR"}]}, {"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:a:wpopal:wpopal_core_features:*:*:*:*:*:wordpress:*:*", "vulnerable": true, "matchCriteriaId": "E4720CB3-42E0-46B2-A74F-E118C427C44A", "versionEndIncluding": "1.5.8"}], "operator": "OR"}]}], "sourceIdentifier": "audit@patchstack.com"}