CVSS: 9.8EPSS: 13%CPEs: 15EXPL: 0CVE-2022-40700 – Server Side Request Forgery (SSRF) vulnerability affecting multiple WordPress plugins
https://notcve.org/view.php?id=CVE-2022-40700
Server-Side Request Forgery (SSRF) vulnerability in Montonio Montonio for WooCommerce, Wpopal Wpopal Core Features, AMO for WP – Membership Management ArcStone wp-amo, Long Watch Studio WooVirtualWallet – A virtual wallet for WooCommerce, Long Watch Studio WooVIP – Membership plugin for WordPress and WooCommerce, Long Watch Studio WooSupply – Suppliers, Supply Orders and Stock Management, Squidesma Theme Minifier, Paul Clark Styles styles, Designmodo Inc. WordPress Page Builder – Qards, Philip M. Hofer (Frumph) PHPFreeChat, Arun Basil Lal Custom Login Admin Front-end CSS, Team Agence-Press CSS Adder By Agence-Press, Unihost Confirm Data, deano1987 AMP Toolbox amp-toolbox, Arun Basil Lal Admin CSS MU.This issue affects Montonio for WooCommerce: from n/a through 6.0.1; Wpopal Core Features: from n/a through 1.5.8; ArcStone: from n/a through 4.6.6; WooVirtualWallet – A virtual wallet for WooCommerce: from n/a through 2.2.1; WooVIP – Membership plugin for WordPress and WooCommerce: from n/a through 1.4.4; WooSupply – Suppliers, Supply Orders and Stock Management: from n/a through 1.2.2; Theme Minifier: from n/a through 2.0; Styles: from n/a through 1.2.3; WordPress Page Builder – Qards: from n/a through 1.0.5; PHPFreeChat: from n/a through 0.2.8; Custom Login Admin Front-end CSS: from n/a through 1.4.1; CSS Adder By Agence-Press: from n/a through 1.5.0; Confirm Data: from n/a through 1.0.7; AMP Toolbox: from n/a through 2.1.1; Admin CSS MU: from n/a through 2.6. Vulnerabilidad de Server-Side Request Forgery (SSRF) en Montonio Montonio para WooCommerce, Wpopal Funciones principales de Wpopal, AMO para WP – Gestión de membresía ArcStone wp-amo, Long Watch Studio WooVirtualWallet – Una billetera virtual para WooCommerce, Long Watch Studio WooVIP – Complemento de membresía para WordPress y WooCommerce, Long Watch Studio WooSupply: proveedores, pedidos de suministro y gestión de existencias, Squidesma Theme Minifier, estilos Paul Clark Styles, Designmodo Inc. Creador de páginas de WordPress: Qards, Philip M. • https://patchstack.com/database/vulnerability/admin-css-mu/wordpress-admin-css-mu-plugin-2-6-server-side-request-forgery-ssrf-vulnerability?_s_id=cve https://patchstack.com/database/vulnerability/amp-toolbox/wordpress-amp-toolbox-plugin-2-1-1-server-side-request-forgery-ssrf?_s_id=cve https://patchstack.com/database/vulnerability/confirm-data/wordpress-confirm-data-plugin-1-0-7-unauth-server-side-request-forgery-ssrf-vulnerability?_s_id=cve https://patchstack.com/database/vulnerability/css-adder-by-agence-press& • CWE-918: Server-Side Request Forgery (SSRF) •
CVSS: 7.2EPSS: 0%CPEs: 1EXPL: 1CVE-2017-18598 – Qards (All Versions) - Stored Cross-Site Scripting
https://notcve.org/view.php?id=CVE-2017-18598
The Qards plugin through 2017-10-11 for WordPress has XSS via a remote document specified in the url parameter to html2canvasproxy.php. El plugin Qards hasta el 11-10-2017 para WordPress, presenta una vulnerabilidad de tipo XSS por medio de un documento remoto especificado en el parámetro url en el archivo html2canvasproxy.php. • https://wpvulndb.com/vulnerabilities/8934 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •