CVE-2022-2556

🗓️ 29 Aug 2022 17:15:36Reported by WPScanType

cve🔗 web.nvd.nist.gov📰️ 3 Media mentions👁 53 Views🌐 WEB

The Mailchimp for WooCommerce WordPress plugin before 2.7.2 allows high privilege users to perform unauthorized POST requests to the internal networ

Reporter	Title	Published	Views	Family All 14
ATTACKERKB	CVE-2022-2556	29 Aug 202218:15	–	attackerkb
Circl	CVE-2022-2556	29 Aug 202222:34	–	circl
CNNVD	WordPress plugin Mailchimp for WooCommerce 代码问题漏洞	29 Aug 202200:00	–	cnnvd
Cvelist	CVE-2022-2556 MailChimp for Woocommerce < 2.7.2 - Admin+ SSRF	29 Aug 202217:15	–	cvelist
EUVD	EUVD-2022-34810	3 Oct 202520:07	–	euvd
NVD	CVE-2022-2556	29 Aug 202218:15	–	nvd
OpenVAS	WordPress Mailchimp for WooCommerce Plugin < 2.7.2 SSRF Vulnerability	4 Oct 202200:00	–	openvas
OSV	CVE-2022-2556	29 Aug 202218:15	–	osv
Patchstack	WordPress Mailchimp for WooCommerce plugin <= 2.7.1 - Authenticated Server-Side Request Forgery (SSRF) vulnerability	3 Aug 202200:00	–	patchstack
Prion	Cross site request forgery (csrf)	29 Aug 202218:15	–	prion

NVD

Vulners

Node

mailchimp mailchimp_for_woocommerceRange<2.7.2wordpress

[
  {
    "product": "Mailchimp for WooCommerce",
    "vendor": "Unknown",
    "versions": [
      {
        "lessThan": "2.7.2",
        "status": "affected",
        "version": "2.7.2",
        "versionType": "custom"
      }
    ]
  }
]

Source	Link
wpscan	www.wpscan.com/vulnerability/f2a59eaa-6b44-4098-912f-823289cf33b0

Parameter	Position	Path	Description	CWE
action	request body	wp-admin/admin-ajax.php	AJAX action allows high-privilege users to cause server-side POST requests to internal network via admin-ajax and echoes the body, enabling internal network scanning.	CWE-918
url	request body	wp-admin/admin-ajax.php	AJAX action allows high-privilege users to cause server-side POST requests to internal network via admin-ajax and echoes the body, enabling internal network scanning.	CWE-918

21 Nov 2024 07:01Current

3.2Low risk

Vulners AI Score3.2

CVSS 3.12.7

EPSS0.0023

CWE-918