Show plain JSON{"dataType": "CVE_RECORD", "dataVersion": "5.1", "cveMetadata": {"cveId": "CVE-2022-40700", "assignerOrgId": "21595511-bba5-4825-b968-b78d1f9984a3", "state": "PUBLISHED", "assignerShortName": "Patchstack", "dateReserved": "2022-09-27T08:42:32.033Z", "datePublished": "2024-01-19T14:30:11.427Z", "dateUpdated": "2024-11-13T17:40:07.080Z"}, "containers": {"cna": {"affected": [{"collectionURL": "https://wordpress.org/plugins", "defaultStatus": "unaffected", "packageName": "montonio-for-woocommerce", "product": "Montonio for WooCommerce", "vendor": "Montonio", "versions": [{"changes": [{"at": "6.0.2", "status": "unaffected"}], "lessThanOrEqual": "6.0.1", "status": "affected", "version": "n/a", "versionType": "custom"}]}, {"collectionURL": "https://wordpress.org/plugins", "defaultStatus": "unaffected", "packageName": "wpopal-core-features", "product": "Wpopal Core Features", "vendor": "Wpopal", "versions": [{"lessThanOrEqual": "1.5.8", "status": "affected", "version": "n/a", "versionType": "custom"}]}, {"collectionURL": "https://wordpress.org/plugins", "defaultStatus": "unaffected", "packageName": "wp-amo", "product": "ArcStone", "vendor": "AMO for WP \u2013 Membership Management", "versions": [{"lessThanOrEqual": "4.6.6", "status": "affected", "version": "n/a", "versionType": "custom"}]}, {"collectionURL": "https://wordpress.org/plugins", "defaultStatus": "unaffected", "packageName": "woovirtualwallet", "product": "WooVirtualWallet \u2013 A virtual wallet for WooCommerce", "vendor": "Long Watch Studio", "versions": [{"lessThanOrEqual": "2.2.1", "status": "affected", "version": "n/a", "versionType": "custom"}]}, {"collectionURL": "https://wordpress.org/plugins", "defaultStatus": "unaffected", "packageName": "woovip", "product": "WooVIP \u2013 Membership plugin for WordPress and WooCommerce", "vendor": "Long Watch Studio", "versions": [{"lessThanOrEqual": "1.4.4", "status": "affected", "version": "n/a", "versionType": "custom"}]}, {"collectionURL": "https://wordpress.org/plugins", "defaultStatus": "unaffected", "packageName": "woosupply", "product": "WooSupply \u2013 Suppliers, Supply Orders and Stock Management", "vendor": "Long Watch Studio", "versions": [{"lessThanOrEqual": "1.2.2", "status": "affected", "version": "n/a", "versionType": "custom"}]}, {"collectionURL": "https://wordpress.org/plugins", "defaultStatus": "unaffected", "packageName": "theme-minifier", "product": "Theme Minifier", "vendor": "Squidesma", "versions": [{"lessThanOrEqual": "2.0", "status": "affected", "version": "n/a", "versionType": "custom"}]}, {"collectionURL": "https://wordpress.org/plugins", "defaultStatus": "unaffected", "packageName": "styles", "product": "Styles", "vendor": "Paul Clark", "versions": [{"lessThanOrEqual": "1.2.3", "status": "affected", "version": "n/a", "versionType": "custom"}]}, {"collectionURL": "https://wordpress.org/plugins", "defaultStatus": "unaffected", "packageName": "qards-free", "product": "WordPress Page Builder \u2013 Qards", "vendor": "Designmodo Inc.", "versions": [{"lessThanOrEqual": "1.0.5", "status": "affected", "version": "n/a", "versionType": "custom"}]}, {"collectionURL": "https://wordpress.org/plugins", "defaultStatus": "unaffected", "packageName": "phpfreechat", "product": "PHPFreeChat", "vendor": "Philip M. Hofer (Frumph)", "versions": [{"lessThanOrEqual": "0.2.8", "status": "affected", "version": "n/a", "versionType": "custom"}]}, {"collectionURL": "https://wordpress.org/plugins", "defaultStatus": "unaffected", "packageName": "custom-login-admin-front-end-css-with-multisite-support", "product": "Custom Login Admin Front-end CSS", "vendor": "Arun Basil Lal", "versions": [{"changes": [{"at": "1.5", "status": "unaffected"}], "lessThanOrEqual": "1.4.1", "status": "affected", "version": "n/a", "versionType": "custom"}]}, {"collectionURL": "https://wordpress.org/plugins", "defaultStatus": "unaffected", "packageName": "css-adder-by-agence-press", "product": "CSS Adder By Agence-Press", "vendor": "Team Agence-Press", "versions": [{"lessThanOrEqual": "1.5.0", "status": "affected", "version": "n/a", "versionType": "custom"}]}, {"collectionURL": "https://wordpress.org/plugins", "defaultStatus": "unaffected", "packageName": "confirm-data", "product": "Confirm Data", "vendor": "Unihost", "versions": [{"lessThanOrEqual": "1.0.7", "status": "affected", "version": "n/a", "versionType": "custom"}]}, {"collectionURL": "https://wordpress.org/plugins", "defaultStatus": "unaffected", "packageName": "amp-toolbox", "product": "AMP Toolbox", "vendor": "deano1987", "versions": [{"lessThanOrEqual": "2.1.1", "status": "affected", "version": "n/a", "versionType": "custom"}]}, {"collectionURL": "https://wordpress.org/plugins", "defaultStatus": "unaffected", "packageName": "admin-css-mu", "product": "Admin CSS MU", "vendor": "Arun Basil Lal", "versions": [{"changes": [{"at": "2.7", "status": "unaffected"}], "lessThanOrEqual": "2.6", "status": "affected", "version": "n/a", "versionType": "custom"}]}], "credits": [{"lang": "en", "type": "finder", "user": "00000000-0000-4000-9000-000000000000", "value": "Dave Jong (Patchstack)"}], "descriptions": [{"lang": "en", "supportingMedia": [{"base64": false, "type": "text/html", "value": "Server-Side Request Forgery (SSRF) vulnerability in Montonio Montonio for WooCommerce, Wpopal Wpopal Core Features, AMO for WP \u2013 Membership Management ArcStone wp-amo, Long Watch Studio WooVirtualWallet \u2013 A virtual wallet for WooCommerce, Long Watch Studio WooVIP \u2013 Membership plugin for WordPress and WooCommerce, Long Watch Studio WooSupply \u2013 Suppliers, Supply Orders and Stock Management, Squidesma Theme Minifier, Paul Clark Styles styles, Designmodo Inc. WordPress Page Builder \u2013 Qards, Philip M. Hofer (Frumph) PHPFreeChat, Arun Basil Lal Custom Login Admin Front-end CSS, Team Agence-Press CSS Adder By Agence-Press, Unihost Confirm Data, deano1987 AMP Toolbox amp-toolbox, Arun Basil Lal Admin CSS MU.<p>This issue affects Montonio for WooCommerce: from n/a through 6.0.1; Wpopal Core Features: from n/a through 1.5.8; ArcStone: from n/a through 4.6.6; WooVirtualWallet \u2013 A virtual wallet for WooCommerce: from n/a through 2.2.1; WooVIP \u2013 Membership plugin for WordPress and WooCommerce: from n/a through 1.4.4; WooSupply \u2013 Suppliers, Supply Orders and Stock Management: from n/a through 1.2.2; Theme Minifier: from n/a through 2.0; Styles: from n/a through 1.2.3; WordPress Page Builder \u2013 Qards: from n/a through 1.0.5; PHPFreeChat: from n/a through 0.2.8; Custom Login Admin Front-end CSS: from n/a through 1.4.1; CSS Adder By Agence-Press: from n/a through 1.5.0; Confirm Data: from n/a through 1.0.7; AMP Toolbox: from n/a through 2.1.1; Admin CSS MU: from n/a through 2.6.</p>"}], "value": "Server-Side Request Forgery (SSRF) vulnerability in Montonio Montonio for WooCommerce, Wpopal Wpopal Core Features, AMO for WP \u2013 Membership Management ArcStone wp-amo, Long Watch Studio WooVirtualWallet \u2013 A virtual wallet for WooCommerce, Long Watch Studio WooVIP \u2013 Membership plugin for WordPress and WooCommerce, Long Watch Studio WooSupply \u2013 Suppliers, Supply Orders and Stock Management, Squidesma Theme Minifier, Paul Clark Styles styles, Designmodo Inc. WordPress Page Builder \u2013 Qards, Philip M. Hofer (Frumph) PHPFreeChat, Arun Basil Lal Custom Login Admin Front-end CSS, Team Agence-Press CSS Adder By Agence-Press, Unihost Confirm Data, deano1987 AMP Toolbox amp-toolbox, Arun Basil Lal Admin CSS MU.This issue affects Montonio for WooCommerce: from n/a through 6.0.1; Wpopal Core Features: from n/a through 1.5.8; ArcStone: from n/a through 4.6.6; WooVirtualWallet \u2013 A virtual wallet for WooCommerce: from n/a through 2.2.1; WooVIP \u2013 Membership plugin for WordPress and WooCommerce: from n/a through 1.4.4; WooSupply \u2013 Suppliers, Supply Orders and Stock Management: from n/a through 1.2.2; Theme Minifier: from n/a through 2.0; Styles: from n/a through 1.2.3; WordPress Page Builder \u2013 Qards: from n/a through 1.0.5; PHPFreeChat: from n/a through 0.2.8; Custom Login Admin Front-end CSS: from n/a through 1.4.1; CSS Adder By Agence-Press: from n/a through 1.5.0; Confirm Data: from n/a through 1.0.7; AMP Toolbox: from n/a through 2.1.1; Admin CSS MU: from n/a through 2.6.\n\n"}], "metrics": [{"cvssV3_1": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 8.2, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "integrityImpact": "LOW", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:L/A:N", "version": "3.1"}, "format": "CVSS", "scenarios": [{"lang": "en", "value": "GENERAL"}]}], "problemTypes": [{"descriptions": [{"cweId": "CWE-918", "description": "CWE-918 Server-Side Request Forgery (SSRF)", "lang": "en", "type": "CWE"}]}], "providerMetadata": {"orgId": "21595511-bba5-4825-b968-b78d1f9984a3", "shortName": "Patchstack", "dateUpdated": "2024-01-19T14:30:11.427Z"}, "references": [{"tags": ["vdb-entry"], "url": "https://patchstack.com/database/vulnerability/montonio-for-woocommerce/wordpress-montonio-for-woocommerce-plugin-6-0-1-server-side-request-forgery-ssrf?_s_id=cve"}, {"tags": ["vdb-entry"], "url": "https://patchstack.com/database/vulnerability/wpopal-core-features/wordpress-wpopal-core-features-plugin-1-5-7-server-side-request-forgery-ssrf?_s_id=cve"}, {"tags": ["vdb-entry"], "url": "https://patchstack.com/database/vulnerability/wp-amo/wordpress-amo-for-wp-plugin-4-6-6-server-side-request-forgery-ssrf?_s_id=cve"}, {"tags": ["vdb-entry"], "url": "https://patchstack.com/database/vulnerability/woovirtualwallet/wordpress-woovirtualwallet-plugin-2-2-1-server-side-request-forgery-ssrf?_s_id=cve"}, {"tags": ["vdb-entry"], "url": "https://patchstack.com/database/vulnerability/woovip/wordpress-woovip-plugin-1-4-4-server-side-request-forgery-ssrf?_s_id=cve"}, {"tags": ["vdb-entry"], "url": "https://patchstack.com/database/vulnerability/woosupply/wordpress-woosupply-plugin-1-2-2-server-side-request-forgery-ssrf?_s_id=cve"}, {"tags": ["vdb-entry"], "url": "https://patchstack.com/database/vulnerability/theme-minifier/wordpress-theme-minifier-plugin-2-0-server-side-request-forgery-ssrf?_s_id=cve"}, {"tags": ["vdb-entry"], "url": "https://patchstack.com/database/vulnerability/styles/wordpress-styles-plugin-1-2-3-server-side-request-forgery-ssrf?_s_id=cve"}, {"tags": ["vdb-entry"], "url": "https://patchstack.com/database/vulnerability/qards-free/wordpress-wordpress-page-builder-qards-plugin-1-0-5-server-side-request-forgery-ssrf?_s_id=cve"}, {"tags": ["vdb-entry"], "url": "https://patchstack.com/database/vulnerability/phpfreechat/wordpress-phpfreechat-plugin-0-2-8-server-side-request-forgery-ssrf?_s_id=cve"}, {"tags": ["vdb-entry"], "url": "https://patchstack.com/database/vulnerability/custom-login-admin-front-end-css-with-multisite-support/wordpress-custom-login-admin-front-end-css-plugin-1-4-1-server-side-request-forgery-ssrf?_s_id=cve"}, {"tags": ["vdb-entry"], "url": "https://patchstack.com/database/vulnerability/css-adder-by-agence-press/wordpress-css-adder-by-agene-press-plugin-1-5-0-server-side-request-forgery-ssrf?_s_id=cve"}, {"tags": ["vdb-entry"], "url": "https://patchstack.com/database/vulnerability/confirm-data/wordpress-confirm-data-plugin-1-0-7-unauth-server-side-request-forgery-ssrf-vulnerability?_s_id=cve"}, {"tags": ["vdb-entry"], "url": "https://patchstack.com/database/vulnerability/amp-toolbox/wordpress-amp-toolbox-plugin-2-1-1-server-side-request-forgery-ssrf?_s_id=cve"}, {"tags": ["vdb-entry"], "url": "https://patchstack.com/database/vulnerability/admin-css-mu/wordpress-admin-css-mu-plugin-2-6-server-side-request-forgery-ssrf-vulnerability?_s_id=cve"}], "solutions": [{"lang": "en", "supportingMedia": [{"base64": false, "type": "text/html", "value": "Update Montonio for WooCommerce to 6.0.2 or a higher version.<br>Update Custom Login Admin Front-end CSS to 1.5 or a higher version.<br>Update Admin CSS MU to 2.7 or a higher version<br>"}], "value": "Update Montonio for WooCommerce to 6.0.2 or a higher version.\nUpdate Custom Login Admin Front-end CSS to 1.5 or a higher version.\nUpdate Admin CSS MU to 2.7 or a higher version\n"}], "source": {"discovery": "EXTERNAL"}, "title": "Server Side Request Forgery (SSRF) vulnerability affecting multiple WordPress plugins", "x_generator": {"engine": "Vulnogram 0.1.0-dev"}}, "adp": [{"providerMetadata": {"orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE", "dateUpdated": "2024-08-03T12:21:46.616Z"}, "title": "CVE Program Container", "references": [{"tags": ["vdb-entry", "x_transferred"], "url": "https://patchstack.com/database/vulnerability/montonio-for-woocommerce/wordpress-montonio-for-woocommerce-plugin-6-0-1-server-side-request-forgery-ssrf?_s_id=cve"}, {"tags": ["vdb-entry", "x_transferred"], "url": "https://patchstack.com/database/vulnerability/wpopal-core-features/wordpress-wpopal-core-features-plugin-1-5-7-server-side-request-forgery-ssrf?_s_id=cve"}, {"tags": ["vdb-entry", "x_transferred"], "url": "https://patchstack.com/database/vulnerability/wp-amo/wordpress-amo-for-wp-plugin-4-6-6-server-side-request-forgery-ssrf?_s_id=cve"}, {"tags": ["vdb-entry", "x_transferred"], "url": "https://patchstack.com/database/vulnerability/woovirtualwallet/wordpress-woovirtualwallet-plugin-2-2-1-server-side-request-forgery-ssrf?_s_id=cve"}, {"tags": ["vdb-entry", "x_transferred"], "url": "https://patchstack.com/database/vulnerability/woovip/wordpress-woovip-plugin-1-4-4-server-side-request-forgery-ssrf?_s_id=cve"}, {"tags": ["vdb-entry", "x_transferred"], "url": "https://patchstack.com/database/vulnerability/woosupply/wordpress-woosupply-plugin-1-2-2-server-side-request-forgery-ssrf?_s_id=cve"}, {"tags": ["vdb-entry", "x_transferred"], "url": "https://patchstack.com/database/vulnerability/theme-minifier/wordpress-theme-minifier-plugin-2-0-server-side-request-forgery-ssrf?_s_id=cve"}, {"tags": ["vdb-entry", "x_transferred"], "url": "https://patchstack.com/database/vulnerability/styles/wordpress-styles-plugin-1-2-3-server-side-request-forgery-ssrf?_s_id=cve"}, {"tags": ["vdb-entry", "x_transferred"], "url": "https://patchstack.com/database/vulnerability/qards-free/wordpress-wordpress-page-builder-qards-plugin-1-0-5-server-side-request-forgery-ssrf?_s_id=cve"}, {"tags": ["vdb-entry", "x_transferred"], "url": "https://patchstack.com/database/vulnerability/phpfreechat/wordpress-phpfreechat-plugin-0-2-8-server-side-request-forgery-ssrf?_s_id=cve"}, {"tags": ["vdb-entry", "x_transferred"], "url": "https://patchstack.com/database/vulnerability/custom-login-admin-front-end-css-with-multisite-support/wordpress-custom-login-admin-front-end-css-plugin-1-4-1-server-side-request-forgery-ssrf?_s_id=cve"}, {"tags": ["vdb-entry", "x_transferred"], "url": "https://patchstack.com/database/vulnerability/css-adder-by-agence-press/wordpress-css-adder-by-agene-press-plugin-1-5-0-server-side-request-forgery-ssrf?_s_id=cve"}, {"tags": ["vdb-entry", "x_transferred"], "url": "https://patchstack.com/database/vulnerability/confirm-data/wordpress-confirm-data-plugin-1-0-7-unauth-server-side-request-forgery-ssrf-vulnerability?_s_id=cve"}, {"tags": ["vdb-entry", "x_transferred"], "url": "https://patchstack.com/database/vulnerability/amp-toolbox/wordpress-amp-toolbox-plugin-2-1-1-server-side-request-forgery-ssrf?_s_id=cve"}, {"tags": ["vdb-entry", "x_transferred"], "url": "https://patchstack.com/database/vulnerability/admin-css-mu/wordpress-admin-css-mu-plugin-2-6-server-side-request-forgery-ssrf-vulnerability?_s_id=cve"}]}, {"metrics": [{"other": {"type": "ssvc", "content": {"timestamp": "2024-11-13T17:39:55.482326Z", "id": "CVE-2022-40700", "options": [{"Exploitation": "none"}, {"Automatable": "yes"}, {"Technical Impact": "total"}], "role": "CISA Coordinator", "version": "2.0.3"}}}], "title": "CISA ADP Vulnrichment", "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2024-11-13T17:40:07.080Z"}}]}} 
ReportizFlow
MITRE
Vulnrichment
NVD
Redhat