CVE-2022-4888

🗓️ 31 Jul 2023 09:37:32Reported by WPScanType

cve🔗 web.nvd.nist.gov👁 58 Views🌐 WEB

Flawed CSRF checks in multiple WordPress plugin

Reporter	Title	Published	Views	Family All 13
Circl	CVE-2022-4888	31 Jul 202314:37	–	circl
CNNVD	WordPress plugin 跨站请求伪造漏洞	12 Apr 202200:00	–	cnnvd
Cvelist	CVE-2022-4888 Multiple Plugins from Addify - Multiple CSRF	31 Jul 202309:37	–	cvelist
EUVD	EUVD-2022-52146	3 Oct 202520:07	–	euvd
NVD	CVE-2022-4888	31 Jul 202310:15	–	nvd
OSV	CVE-2022-4888	31 Jul 202310:15	–	osv
Prion	Cross site request forgery (csrf)	31 Jul 202310:15	–	prion
Positive Technologies	PT-2023-15899 · WordPress · Checkout Fields Manager +12	31 Jul 202300:00	–	ptsecurity
RedhatCVE	CVE-2022-4888	23 May 202500:32	–	redhatcve
Vulnrichment	CVE-2022-4888 Multiple Plugins from Addify - Multiple CSRF	31 Jul 202309:37	–	vulnrichment

NVD

Vulners

Vulnrichment

Node

addify abandoned_cart_recoveryRange<1.2.5wordpress

addify advanced_free_giftsRange<1.0.2wordpress

addify checkout_fields_managerRange<1.0.2wordpress

addify custom_fields_for_woocommerceRange<1.0.4wordpress

addify custom_order_numberRange≤1.0.1wordpress

addify custom_registration_forms_builderRange<1.0.2wordpress

addify gift_registry_for_woocommerceRange≤1.0.1wordpress

addify image_watermark_for_woocommerceRange≤1.0.1wordpress

addify order_approval_for_woocommerceRange<1.1.0wordpress

addify order_tracking_for_woocommerceRange<1.0.2wordpress

[
  {
    "vendor": "Unknown",
    "product": "Checkout Fields Manager",
    "versions": [
      {
        "status": "affected",
        "versionType": "custom",
        "version": "0",
        "lessThan": "1.0.2"
      }
    ],
    "defaultStatus": "unaffected"
  },
  {
    "vendor": "Unknown",
    "product": "Abandoned Cart Recovery",
    "versions": [
      {
        "status": "affected",
        "versionType": "custom",
        "version": "0",
        "lessThan": "1.2.5"
      }
    ],
    "defaultStatus": "unaffected"
  },
  {
    "vendor": "Unknown",
    "product": "Custom Fields for WooCommerce",
    "versions": [
      {
        "status": "affected",
        "versionType": "custom",
        "version": "0",
        "lessThan": "1.0.4"
      }
    ],
    "defaultStatus": "unaffected"
  },
  {
    "vendor": "Unknown",
    "product": "Custom Order Number",
    "versions": [
      {
        "status": "affected",
        "versionType": "custom",
        "version": "0",
        "lessThanOrEqual": "1.0.1"
      }
    ],
    "defaultStatus": "affected"
  },
  {
    "vendor": "Unknown",
    "product": "Custom Registration Forms Builder",
    "versions": [
      {
        "status": "affected",
        "versionType": "custom",
        "version": "0",
        "lessThan": "1.0.2"
      }
    ],
    "defaultStatus": "unaffected"
  },
  {
    "vendor": "Unknown",
    "product": "Advanced Free Gifts",
    "versions": [
      {
        "status": "affected",
        "versionType": "custom",
        "version": "0",
        "lessThan": "1.0.2"
      }
    ],
    "defaultStatus": "unaffected"
  },
  {
    "vendor": "Unknown",
    "product": "Gift Registry for WooCommerce",
    "versions": [
      {
        "status": "affected",
        "versionType": "custom",
        "version": "0",
        "lessThanOrEqual": "1.0.1"
      }
    ],
    "defaultStatus": "affected"
  },
  {
    "vendor": "Unknown",
    "product": "Image Watermark for WooCommerce",
    "versions": [
      {
        "status": "affected",
        "versionType": "custom",
        "version": "0",
        "lessThan": "1.0.1"
      }
    ],
    "defaultStatus": "unaffected"
  },
  {
    "vendor": "Unknown",
    "product": "Order Approval for WooCommerce",
    "versions": [
      {
        "status": "affected",
        "versionType": "custom",
        "version": "0",
        "lessThan": "1.1.0"
      }
    ],
    "defaultStatus": "unaffected"
  },
  {
    "vendor": "Unknown",
    "product": "Order Tracking for WooCommerce",
    "versions": [
      {
        "status": "affected",
        "versionType": "custom",
        "version": "0",
        "lessThan": "1.0.2"
      }
    ],
    "defaultStatus": "unaffected"
  },
  {
    "vendor": "Unknown",
    "product": "Price Calculator for WooCommerce",
    "versions": [
      {
        "status": "affected",
        "versionType": "custom",
        "version": "0",
        "lessThanOrEqual": "1.0.3"
      }
    ],
    "defaultStatus": "affected"
  },
  {
    "vendor": "Unknown",
    "product": "Product Dynamic Pricing and Discounts",
    "versions": [
      {
        "status": "affected",
        "versionType": "custom",
        "version": "0",
        "lessThanOrEqual": "1.0.6"
      }
    ],
    "defaultStatus": "affected"
  },
  {
    "vendor": "Unknown",
    "product": "Product Labels and Stickers",
    "versions": [
      {
        "status": "affected",
        "versionType": "custom",
        "version": "0",
        "lessThanOrEqual": "1.0.1"
      }
    ],
    "defaultStatus": "affected"
  }
]

Source	Link
wpscan	www.wpscan.com/vulnerability/2c2379d0-e373-4587-a747-429d7ee8f6cc

Parameter	Position	Path	Description	CWE
post[]	query param	/wp-admin/edit.php?s=&post_status=all&post_type=shop_order&action=approved&m=0&_customer_user=&paged=1&post%5B%5D=103&action2=approved	CSRF vulnerability allowing an attacker to induce an admin to approve an order (ID 103) by crafting a request to the admin endpoint.	CWE-352
action	query param	/wp-admin/edit.php?s=&post_status=all&post_type=shop_order&action=approved&m=0&_customer_user=&paged=1&post%5B%5D=103&action2=approved	CSRF vulnerability allowing an attacker to induce an admin to approve an order (ID 103) by crafting a request to the admin endpoint.	CWE-352
action2	query param	/wp-admin/edit.php?s=&post_status=all&post_type=shop_order&action=approved&m=0&_customer_user=&paged=1&post%5B%5D=103&action2=approved	CSRF vulnerability allowing an attacker to induce an admin to approve an order (ID 103) by crafting a request to the admin endpoint.	CWE-352

17 Jun 2026 05:22Current

6.7Medium risk

Vulners AI Score6.7

CVSS 3.16.5

EPSS0.00269

SSVC