← Back

CVE-2022-40700

nvd nist
Published: Jan 19, 2024Modified: Apr 28, 2026

JSON object

Loading...
9.8
Vector
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
Exploitability: 3.9 / Impact: 5.9
Source: NVD

Description

Server-Side Request Forgery (SSRF) vulnerability in Montonio Montonio for WooCommerce, Wpopal Wpopal Core Features, AMO for WP – Membership Management ArcStone wp-amo, Long Watch Studio WooVirtualWallet – A virtual wallet for WooCommerce, Long Watch Studio WooVIP – Membership plugin for WordPress and WooCommerce, Long Watch Studio WooSupply – Suppliers, Supply Orders and Stock Management, Squidesma Theme Minifier, Paul Clark Styles styles, Designmodo Inc. WordPress Page Builder – Qards, Philip M. Hofer (Frumph) PHPFreeChat, Arun Basil Lal Custom Login Admin Front-end CSS, Team Agence-Press CSS Adder By Agence-Press, Unihost Confirm Data, deano1987 AMP Toolbox amp-toolbox, Arun Basil Lal Admin CSS MU.This issue affects Montonio for WooCommerce: from n/a through 6.0.1; Wpopal Core Features: from n/a through 1.5.8; ArcStone: from n/a through 4.6.6; WooVirtualWallet – A virtual wallet for WooCommerce: from n/a through 2.2.1; WooVIP – Membership plugin for WordPress and WooCommerce: from n/a through 1.4.4; WooSupply – Suppliers, Supply Orders and Stock Management: from n/a through 1.2.2; Theme Minifier: from n/a through 2.0; Styles: from n/a through 1.2.3; WordPress Page Builder – Qards: from n/a through 1.0.5; PHPFreeChat: from n/a through 0.2.8; Custom Login Admin Front-end CSS: from n/a through 1.4.1; CSS Adder By Agence-Press: from n/a through 1.5.0; Confirm Data: from n/a through 1.0.7; AMP Toolbox: from n/a through 2.1.1; Admin CSS MU: from n/a through 2.6.

Affected (15)

Show all products
Millionclues: Admin Css Mu, Custom Login Admin Front End Css · Deano: Amp Toolbox · Unihost: Confirm Data · Agence Press: Css Adder · Montonio: Montonio For Woocommerce · Frumph: Phpfreechat · Designmodo: Qards · Paulclark: Styles · Squidesma: Theme Minifier · Longwatchstudio: Woosupply, Woovip, Woovirtualwallet · Arcstone: Amo For Wp Membership Management · Wpopal: Wpopal Core Features
Millionclues
2 products
Admin Css Mu
Custom Login Admin Front End Css
Deano
1 product
Amp Toolbox
Unihost
1 product
Confirm Data
Agence Press
1 product
Css Adder
Montonio
1 product
Montonio For Woocommerce
Frumph
1 product
Phpfreechat
Designmodo
1 product
Qards
Paulclark
1 product
Styles
Squidesma
1 product
Theme Minifier
Longwatchstudio
3 products
Woosupply
Woovip
Woovirtualwallet
Arcstone
1 product
Amo For Wp Membership Management
Wpopal
1 product
Wpopal Core Features
Configuration A
1 vulnerable
Vulnerable SoftwareAffected Versions
Admin Css Mu
Up to 2.6
Configuration B
1 vulnerable
Vulnerable SoftwareAffected Versions
Amp Toolbox
Up to 2.1.1
Configuration C
1 vulnerable
Vulnerable SoftwareAffected Versions
Confirm Data
Up to 1.0.7
Configuration D
1 vulnerable
Vulnerable SoftwareAffected Versions
Css Adder
Up to 1.5.0
Configuration E
1 vulnerable
Vulnerable SoftwareAffected Versions
Custom Login Admin Front End Css
Up to 1.4.1
Configuration F
1 vulnerable
Vulnerable SoftwareAffected Versions
Montonio For Woocommerce
Up to 6.0.1
Configuration G
1 vulnerable
Vulnerable SoftwareAffected Versions
Phpfreechat
Up to 0.2.8
Configuration H
1 vulnerable
Vulnerable SoftwareAffected Versions
Qards
Up to 1.0.5
Configuration I
1 vulnerable
Vulnerable SoftwareAffected Versions
Styles
Up to 1.2.3
Configuration J
1 vulnerable
Vulnerable SoftwareAffected Versions
Theme Minifier
Up to 2.0
Configuration K
3 vulnerable
Vulnerable SoftwareAffected Versions
Woosupply
Up to 1.2.2
Woovip
Up to 1.4.4
Woovirtualwallet
Up to 2.2.1
Configuration L
1 vulnerable
Vulnerable SoftwareAffected Versions
Amo For Wp Membership Management
Up to 4.6.6
Configuration M
1 vulnerable
Vulnerable SoftwareAffected Versions
Wpopal Core Features
Up to 1.5.8

Related CWEs

CWE-918
Server-Side Request Forgery (SSRF)
The web server receives a URL or similar request from an upstream component and retrieves the contents of this URL, but it does not sufficiently ensure that the request is being sent to the expected destination.

References (30)

Source: audit@patchstack.com
Third Party Advisory
Source: audit@patchstack.com
Third Party Advisory
Source: audit@patchstack.com
Third Party Advisory
Source: audit@patchstack.com
Third Party Advisory
Source: audit@patchstack.com
Third Party Advisory
Source: audit@patchstack.com
Third Party Advisory
Source: audit@patchstack.com
Third Party Advisory
Source: audit@patchstack.com
Third Party Advisory
Source: audit@patchstack.com
Third Party Advisory
Source: audit@patchstack.com
Third Party Advisory
Source: audit@patchstack.com
Third Party Advisory
Source: audit@patchstack.com
Third Party Advisory
Source: audit@patchstack.com
Third Party Advisory
Source: audit@patchstack.com
Third Party Advisory
Source: audit@patchstack.com
Third Party Advisory
Source: af854a3a-2127-422b-91ae-364da2661108
Third Party Advisory
Source: af854a3a-2127-422b-91ae-364da2661108
Third Party Advisory
Source: af854a3a-2127-422b-91ae-364da2661108
Third Party Advisory
Source: af854a3a-2127-422b-91ae-364da2661108
Third Party Advisory
Source: af854a3a-2127-422b-91ae-364da2661108
Third Party Advisory
Source: af854a3a-2127-422b-91ae-364da2661108
Third Party Advisory
Source: af854a3a-2127-422b-91ae-364da2661108
Third Party Advisory
Source: af854a3a-2127-422b-91ae-364da2661108
Third Party Advisory
Source: af854a3a-2127-422b-91ae-364da2661108
Third Party Advisory
Source: af854a3a-2127-422b-91ae-364da2661108
Third Party Advisory
Source: af854a3a-2127-422b-91ae-364da2661108
Third Party Advisory
Source: af854a3a-2127-422b-91ae-364da2661108
Third Party Advisory
Source: af854a3a-2127-422b-91ae-364da2661108
Third Party Advisory
Source: af854a3a-2127-422b-91ae-364da2661108
Third Party Advisory
Source: af854a3a-2127-422b-91ae-364da2661108
Third Party Advisory

Timeline

No history available yet.