CVSS: 9.8EPSS: 13%CPEs: 15EXPL: 0CVE-2022-40700 – Server Side Request Forgery (SSRF) vulnerability affecting multiple WordPress plugins
https://notcve.org/view.php?id=CVE-2022-40700
Server-Side Request Forgery (SSRF) vulnerability in Montonio Montonio for WooCommerce, Wpopal Wpopal Core Features, AMO for WP – Membership Management ArcStone wp-amo, Long Watch Studio WooVirtualWallet – A virtual wallet for WooCommerce, Long Watch Studio WooVIP – Membership plugin for WordPress and WooCommerce, Long Watch Studio WooSupply – Suppliers, Supply Orders and Stock Management, Squidesma Theme Minifier, Paul Clark Styles styles, Designmodo Inc. WordPress Page Builder – Qards, Philip M. Hofer (Frumph) PHPFreeChat, Arun Basil Lal Custom Login Admin Front-end CSS, Team Agence-Press CSS Adder By Agence-Press, Unihost Confirm Data, deano1987 AMP Toolbox amp-toolbox, Arun Basil Lal Admin CSS MU.This issue affects Montonio for WooCommerce: from n/a through 6.0.1; Wpopal Core Features: from n/a through 1.5.8; ArcStone: from n/a through 4.6.6; WooVirtualWallet – A virtual wallet for WooCommerce: from n/a through 2.2.1; WooVIP – Membership plugin for WordPress and WooCommerce: from n/a through 1.4.4; WooSupply – Suppliers, Supply Orders and Stock Management: from n/a through 1.2.2; Theme Minifier: from n/a through 2.0; Styles: from n/a through 1.2.3; WordPress Page Builder – Qards: from n/a through 1.0.5; PHPFreeChat: from n/a through 0.2.8; Custom Login Admin Front-end CSS: from n/a through 1.4.1; CSS Adder By Agence-Press: from n/a through 1.5.0; Confirm Data: from n/a through 1.0.7; AMP Toolbox: from n/a through 2.1.1; Admin CSS MU: from n/a through 2.6. Vulnerabilidad de Server-Side Request Forgery (SSRF) en Montonio Montonio para WooCommerce, Wpopal Funciones principales de Wpopal, AMO para WP – Gestión de membresía ArcStone wp-amo, Long Watch Studio WooVirtualWallet – Una billetera virtual para WooCommerce, Long Watch Studio WooVIP – Complemento de membresía para WordPress y WooCommerce, Long Watch Studio WooSupply: proveedores, pedidos de suministro y gestión de existencias, Squidesma Theme Minifier, estilos Paul Clark Styles, Designmodo Inc. Creador de páginas de WordPress: Qards, Philip M. • https://patchstack.com/database/vulnerability/admin-css-mu/wordpress-admin-css-mu-plugin-2-6-server-side-request-forgery-ssrf-vulnerability?_s_id=cve https://patchstack.com/database/vulnerability/amp-toolbox/wordpress-amp-toolbox-plugin-2-1-1-server-side-request-forgery-ssrf?_s_id=cve https://patchstack.com/database/vulnerability/confirm-data/wordpress-confirm-data-plugin-1-0-7-unauth-server-side-request-forgery-ssrf-vulnerability?_s_id=cve https://patchstack.com/database/vulnerability/css-adder-by-agence-press& • CWE-918: Server-Side Request Forgery (SSRF) •
CVSS: 7.5EPSS: 2%CPEs: 1EXPL: 2CVE-2018-5954 – PHPFreeChat 1.7 - Denial of Service
https://notcve.org/view.php?id=CVE-2018-5954
phpFreeChat 1.7 and earlier allows remote attackers to cause a denial of service by sending a large number of connect commands. phpFreeChat 1.7 y anteriores permite que los atacantes remotos provoquen una denegación de servicio (DoS) enviando un número grande de comandos connect. PHPFreeChat version 1.7 suffers from a denial of service vulnerability. • https://www.exploit-db.com/exploits/43852 http://packetstormsecurity.com/files/146037/PHPFreeChat-1.7-Denial-Of-Service.html • CWE-400: Uncontrolled Resource Consumption •
CVSS: 5.0EPSS: 0%CPEs: 1EXPL: 0CVE-2011-3777
https://notcve.org/view.php?id=CVE-2011-3777
phpFreeChat 1.3 allows remote attackers to obtain sensitive information via a direct request to a .php file, which reveals the installation path in an error message, as demonstrated by themes/zilveer/style.css.php and certain other files. phpFreeChat v1.3 permite a atacantes remotos obtener información sensible a través de una petición directa a un archivo .php, lo que revela la ruta de instalación en un mensaje de error, como se demostró con themes/zilveer/style.css.php y algunos otros archivos. • http://code.google.com/p/inspathx/source/browse/trunk/paths_vuln/%21_README http://code.google.com/p/inspathx/source/browse/trunk/paths_vuln/phpfreechat-1.3 http://www.openwall.com/lists/oss-security/2011/06/27/6 https://exchange.xforce.ibmcloud.com/vulnerabilities/70543 • CWE-200: Exposure of Sensitive Information to an Unauthorized Actor •
CVSS: 6.5EPSS: 0%CPEs: 13EXPL: 0CVE-2008-3428
https://notcve.org/view.php?id=CVE-2008-3428
Session fixation vulnerability in phpFreeChat 1.1 allows remote authenticated users to hijack web sessions by setting the session_id parameter to match the victim's nickid parameter. Vulnerabilidad de fijación de sesión en phpFreeChat 1.1, permite a usuarios remotos autenticados secuestrar sesiones web estableciendo el parámetro session_id para que sea igual al parámetro nickid. • http://secunia.com/advisories/31283 http://www.phpfreechat.net/changelog/1.2 http://www.securityfocus.com/bid/30462 https://exchange.xforce.ibmcloud.com/vulnerabilities/44116 • CWE-287: Improper Authentication •