Lucene search
WPScanCVELIST:CVE-2022-3154HistoryOct 10, 2022 - 12:00 a.m.
CVE-2022-3154 Multiple Plugins from Viszt Peter - Multiple CSRF
2022-10-1000:00:00
CWE-352
WPScan
www.cve.org
3
vulnerability
wordpress
csrf
ajax
attackers
shop managers
EPSS
0.001
Percentile
26.3%
The Woo Billingo Plus WordPress plugin before 4.4.5.4, Integration for Billingo & Gravity Forms WordPress plugin before 1.0.4, Integration for Szamlazz.hu & Gravity Forms WordPress plugin before 1.2.7 are lacking CSRF checks in various AJAX actions, which could allow attackers to make logged in Shop Managers and above perform unwanted actions, such as deactivate the plugin’s license
CNA Affected
[
{
"vendor": "TODO",
"product": "Woo Billingo Plus",
"versions": [
{
"version": "4.4.5.4",
"status": "affected",
"lessThan": "4.4.5.4",
"versionType": "custom"
}
]
},
{
"vendor": "TODO",
"product": "Integration for Billingo & Gravity Forms",
"versions": [
{
"version": "1.0.4",
"status": "affected",
"lessThan": "1.0.4",
"versionType": "custom"
}
]
},
{
"vendor": "TODO",
"product": "Integration for Szamlazz.hu & Gravity Forms",
"versions": [
{
"version": "1.2.7",
"status": "affected",
"lessThan": "1.2.7",
"versionType": "custom"
}
]
}
]Related
cve
cve
CVE-2022-3154
2022-10-10 21:15:11
patchstack
patchstack
cnvd
cnvd
prion
prion
Cross site request forgery (csrf)
2022-10-10 21:15:00
nvd
nvd
CVE-2022-3154
2022-10-10 21:15:11
wpexploit
wpexploit
Multiple Plugins from Viszt Peter - Multiple CSRF
2022-09-14 00:00:00
wpvulndb
wpvulndb
Multiple Plugins from Viszt Peter - Multiple CSRF
2022-09-14 00:00:00