CVE-2022-40700
Server Side Request Forgery (SSRF) vulnerability affecting multiple WordPress plugins
- Severity Score: not provided
- Exploit Likelihood: not provided
- Public Exploits: 0
- Exploited in Wild: -
- Decision: -
Descriptions
Server-Side Request Forgery (SSRF) vulnerability in Montonio Montonio for WooCommerce, Wpopal Wpopal Core Features, AMO for WP – Membership Management ArcStone wp-amo, Long Watch Studio WooVirtualWallet – A virtual wallet for WooCommerce, Long Watch Studio WooVIP – Membership plugin for WordPress and WooCommerce, Long Watch Studio WooSupply – Suppliers, Supply Orders and Stock Management, Squidesma Theme Minifier, Paul Clark Styles styles, Designmodo Inc. WordPress Page Builder – Qards, Philip M. Hofer (Frumph) PHPFreeChat, Arun Basil Lal Custom Login Admin Front-end CSS, Team Agence-Press CSS Adder By Agence-Press, Unihost Confirm Data, deano1987 AMP Toolbox amp-toolbox, Arun Basil Lal Admin CSS MU. This issue affects Montonio for WooCommerce: from n/a through 6.0.1; Wpopal Core Features: from n/a through 1.5.8; ArcStone: from n/a through 4.6.6; WooVirtualWallet – A virtual wallet for WooCommerce: from n/a through 2.2.1; WooVIP – Membership plugin for WordPress and WooCommerce: from n/a through 1.4.4; WooSupply – Suppliers, Supply Orders and Stock Management: from n/a through 1.2.2; Theme Minifier: from n/a through 2.0; Styles: from n/a through 1.2.3; WordPress Page Builder – Qards: from n/a through 1.0.5; PHPFreeChat: from n/a through 0.2.8; Custom Login Admin Front-end CSS: from n/a through 1.4.1; CSS Adder By Agence-Press: from n/a through 1.5.0; Confirm Data: from n/a through 1.0.7; AMP Toolbox: from n/a through 2.1.1; Admin CSS MU: from n/a through 2.6.
The module cerdic/csstidy, which is bundled in several of these plugins, is vulnerable to Server-Side Request Forgery because it ships test code that fetches a user-provided URL without verifying it. This allows unauthenticated attackers to make web requests to arbitrary locations originating from the web application, which can be used to query and modify information from internal services.
CVSS Scores
SSVC
- Decision:-
Timeline
- 2022-09-27 CVE Reserved
- 2023-03-03 CVE Published
- 2024-01-31 EPSS Updated
- 2024-08-03 CVE Updated
- n/a Exploited in Wild
- n/a KEV Due Date
- n/a First Exploit
CWE
- CWE-918: Server-Side Request Forgery (SSRF)
CAPEC
References (15)
Affected Vendors, Products, and Versions
Vendor | Product | Version | Other | Status
---|---|---|---|---
Millionclues | Admin Css Mu | <= 2.6 | wordpress | Affected
Deano | Amp Toolbox | <= 2.1.1 | wordpress | Affected
Unihost | Confirm Data | <= 1.0.7 | wordpress | Affected
Agence-press | Css Adder | <= 1.5.0 | wordpress | Affected
Millionclues | Custom Login Admin Front-end Css | <= 1.4.1 | wordpress | Affected
Montonio | Montonio For Woocommerce | <= 6.0.1 | wordpress | Affected
Frumph | Phpfreechat | <= 0.2.8 | wordpress | Affected
Designmodo | Qards | <= 1.0.5 | wordpress | Affected
Paulclark | Styles | <= 1.2.3 | wordpress | Affected
Squidesma | Theme Minifier | <= 2.0 | wordpress | Affected
Longwatchstudio | Woosupply | <= 1.2.2 | wordpress | Affected
Longwatchstudio | Woovip | <= 1.4.4 | wordpress | Affected
Longwatchstudio | Woovirtualwallet | <= 2.2.1 | wordpress | Affected
Arcstone | Amo For Wp - Membership Management | <= 4.6.6 | wordpress | Affected
Wpopal | Wpopal Core Features | <= 1.5.8 | wordpress | Affected