CVE-2022-40700

Published Jan 19, 2024

Last updated 10 months ago

CVSS critical 9.8

Overview

Description: Server-Side Request Forgery (SSRF) vulnerability in Montonio Montonio for WooCommerce, Wpopal Wpopal Core Features, AMO for WP – Membership Management ArcStone wp-amo, Long Watch Studio WooVirtualWallet – A virtual wallet for WooCommerce, Long Watch Studio WooVIP – Membership plugin for WordPress and WooCommerce, Long Watch Studio WooSupply – Suppliers, Supply Orders and Stock Management, Squidesma Theme Minifier, Paul Clark Styles styles, Designmodo Inc. WordPress Page Builder – Qards, Philip M. Hofer (Frumph) PHPFreeChat, Arun Basil Lal Custom Login Admin Front-end CSS, Team Agence-Press CSS Adder By Agence-Press, Unihost Confirm Data, deano1987 AMP Toolbox amp-toolbox, Arun Basil Lal Admin CSS MU.This issue affects Montonio for WooCommerce: from n/a through 6.0.1; Wpopal Core Features: from n/a through 1.5.8; ArcStone: from n/a through 4.6.6; WooVirtualWallet – A virtual wallet for WooCommerce: from n/a through 2.2.1; WooVIP – Membership plugin for WordPress and WooCommerce: from n/a through 1.4.4; WooSupply – Suppliers, Supply Orders and Stock Management: from n/a through 1.2.2; Theme Minifier: from n/a through 2.0; Styles: from n/a through 1.2.3; WordPress Page Builder – Qards: from n/a through 1.0.5; PHPFreeChat: from n/a through 0.2.8; Custom Login Admin Front-end CSS: from n/a through 1.4.1; CSS Adder By Agence-Press: from n/a through 1.5.0; Confirm Data: from n/a through 1.0.7; AMP Toolbox: from n/a through 2.1.1; Admin CSS MU: from n/a through 2.6.
Source: audit@patchstack.com
NVD status: Analyzed

Risk scores

CVSS 3.1

Type: Primary
Base score: 9.8
Impact score: 5.9
Exploitability score: 3.9
Vector string: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
Severity: CRITICAL

Weaknesses

audit@patchstack.com: CWE-918

Hype score: Not currently trending

Configurations

[
  {
    "nodes": [
      {
        "negate": false,
        "cpeMatch": [
          {
            "criteria": "cpe:2.3:a:millionclues:admin_css_mu:*:*:*:*:*:wordpress:*:*",
            "vulnerable": true,
            "matchCriteriaId": "43821B34-AEAD-4521-B37C-07314D2848A5",
            "versionEndIncluding": "2.6"
          }
        ],
        "operator": "OR"
      }
    ]
  },
  {
    "nodes": [
      {
        "negate": false,
        "cpeMatch": [
          {
            "criteria": "cpe:2.3:a:deano:amp_toolbox:*:*:*:*:*:wordpress:*:*",
            "vulnerable": true,
            "matchCriteriaId": "F3BD4E77-8EE1-4F83-A080-A82E9EAC6A36",
            "versionEndIncluding": "2.1.1"
          }
        ],
        "operator": "OR"
      }
    ]
  },
  {
    "nodes": [
      {
        "negate": false,
        "cpeMatch": [
          {
            "criteria": "cpe:2.3:a:unihost:confirm_data:*:*:*:*:*:wordpress:*:*",
            "vulnerable": true,
            "matchCriteriaId": "775615D7-1183-44BD-8E13-B18CC3F037B7",
            "versionEndIncluding": "1.0.7"
          }
        ],
        "operator": "OR"
      }
    ]
  },
  {
    "nodes": [
      {
        "negate": false,
        "cpeMatch": [
          {
            "criteria": "cpe:2.3:a:agence-press:css_adder:*:*:*:*:*:wordpress:*:*",
            "vulnerable": true,
            "matchCriteriaId": "78AA1D24-7A86-41D5-A9E4-3CF586D91F52",
            "versionEndIncluding": "1.5.0"
          }
        ],
        "operator": "OR"
      }
    ]
  },
  {
    "nodes": [
      {
        "negate": false,
        "cpeMatch": [
          {
            "criteria": "cpe:2.3:a:millionclues:custom_login_admin_front-end_css:*:*:*:*:*:wordpress:*:*",
            "vulnerable": true,
            "matchCriteriaId": "672D8FBE-F144-4BAF-B780-8234BB2D83D7",
            "versionEndIncluding": "1.4.1"
          }
        ],
        "operator": "OR"
      }
    ]
  },
  {
    "nodes": [
      {
        "negate": false,
        "cpeMatch": [
          {
            "criteria": "cpe:2.3:a:montonio:montonio_for_woocommerce:*:*:*:*:*:wordpress:*:*",
            "vulnerable": true,
            "matchCriteriaId": "1A46D97F-01EA-43A4-AD82-1552112A2B82",
            "versionEndIncluding": "6.0.1"
          }
        ],
        "operator": "OR"
      }
    ]
  },
  {
    "nodes": [
      {
        "negate": false,
        "cpeMatch": [
          {
            "criteria": "cpe:2.3:a:frumph:phpfreechat:*:*:*:*:*:wordpress:*:*",
            "vulnerable": true,
            "matchCriteriaId": "555CCA86-7B43-4F8D-9A71-3A92D34A8F43",
            "versionEndIncluding": "0.2.8"
          }
        ],
        "operator": "OR"
      }
    ]
  },
  {
    "nodes": [
      {
        "negate": false,
        "cpeMatch": [
          {
            "criteria": "cpe:2.3:a:designmodo:qards:*:*:*:*:*:wordpress:*:*",
            "vulnerable": true,
            "matchCriteriaId": "054FCFA2-C643-441A-8D13-233980433E88",
            "versionEndIncluding": "1.0.5"
          }
        ],
        "operator": "OR"
      }
    ]
  },
  {
    "nodes": [
      {
        "negate": false,
        "cpeMatch": [
          {
            "criteria": "cpe:2.3:a:paulclark:styles:*:*:*:*:*:wordpress:*:*",
            "vulnerable": true,
            "matchCriteriaId": "C4AF8EAE-53F6-4958-88AB-7DCEBCDFADF9",
            "versionEndIncluding": "1.2.3"
          }
        ],
        "operator": "OR"
      }
    ]
  },
  {
    "nodes": [
      {
        "negate": false,
        "cpeMatch": [
          {
            "criteria": "cpe:2.3:a:squidesma:theme_minifier:*:*:*:*:*:wordpress:*:*",
            "vulnerable": true,
            "matchCriteriaId": "5ADA61B8-B05E-4608-B331-80769EADB458",
            "versionEndIncluding": "2.0"
          }
        ],
        "operator": "OR"
      }
    ]
  },
  {
    "nodes": [
      {
        "negate": false,
        "cpeMatch": [
          {
            "criteria": "cpe:2.3:a:longwatchstudio:woosupply:*:*:*:*:*:wordpress:*:*",
            "vulnerable": true,
            "matchCriteriaId": "15F0C47E-D2B5-47A8-BD7E-592439EF2745",
            "versionEndIncluding": "1.2.2"
          },
          {
            "criteria": "cpe:2.3:a:longwatchstudio:woovip:*:*:*:*:*:wordpress:*:*",
            "vulnerable": true,
            "matchCriteriaId": "D12B6939-0446-4C32-AA43-CE3D0052B9ED",
            "versionEndIncluding": "1.4.4"
          },
          {
            "criteria": "cpe:2.3:a:longwatchstudio:woovirtualwallet:*:*:*:*:*:wordpress:*:*",
            "vulnerable": true,
            "matchCriteriaId": "EA71FDDC-0142-450E-9F0B-4609171BBE09",
            "versionEndIncluding": "2.2.1"
          }
        ],
        "operator": "OR"
      }
    ]
  },
  {
    "nodes": [
      {
        "negate": false,
        "cpeMatch": [
          {
            "criteria": "cpe:2.3:a:arcstone:amo_for_wp_-_membership_management:*:*:*:*:*:wordpress:*:*",
            "vulnerable": true,
            "matchCriteriaId": "B893F859-596C-45AD-BE84-BE9FE35B2626",
            "versionEndIncluding": "4.6.6"
          }
        ],
        "operator": "OR"
      }
    ]
  },
  {
    "nodes": [
      {
        "negate": false,
        "cpeMatch": [
          {
            "criteria": "cpe:2.3:a:wpopal:wpopal_core_features:*:*:*:*:*:wordpress:*:*",
            "vulnerable": true,
            "matchCriteriaId": "E4720CB3-42E0-46B2-A74F-E118C427C44A",
            "versionEndIncluding": "1.5.8"
          }
        ],
        "operator": "OR"
      }
    ]
  }
]

Overview

Risk scores

CVSS 3.1

Weaknesses

Social media

Configurations

References