EUVD-2022-43971

🗓️ 03 Oct 2025 20:07:09Reported by EUVDType

Server-Side Request Forgery vulnerability in multiple plugins for WooCommerce and WordPress affects versions.

Reporter	Title	Published	Views	Family All 26
Circl	CVE-2022-40700	15 Feb 202411:51	–	circl
CNNVD	WordPress plugin Admin CSS MU code issue vulnerability	19 Jan 202400:00	–	cnnvd
CVE	CVE-2022-40700	19 Jan 202414:30	–	cve
Cvelist	CVE-2022-40700 Server Side Request Forgery (SSRF) vulnerability affecting multiple WordPress plugins	19 Jan 202414:30	–	cvelist
NVD	CVE-2022-40700	19 Jan 202415:15	–	nvd
OSV	CVE-2022-40700	19 Jan 202415:15	–	osv
Patchstack	WordPress Admin CSS MU Plugin <= 2.6 is vulnerable to Server Side Request Forgery (SSRF)	3 Mar 202300:00	–	patchstack
Patchstack	WordPress Confirm Data Plugin <= 1.0.7 is vulnerable to Server Side Request Forgery (SSRF)	3 Mar 202300:00	–	patchstack
Patchstack	WordPress WooVirtualWallet – A virtual wallet for WooCommerce Plugin <= 2.2.1 is vulnerable to Server Side Request Forgery (SSRF)	3 Mar 202300:00	–	patchstack
Patchstack	WordPress WooVIP – Membership plugin for WordPress and WooCommerce Plugin <= 1.4.4 is vulnerable to Server Side Request Forgery (SSRF)	3 Mar 202300:00	–	patchstack

[
  {
    "enisaIdVendor": [
      {
        "id": "058a7b0e-3c59-3e8a-88c9-742afb8b4a8c",
        "vendor": {
          "name": "Arun Basil Lal"
        }
      },
      {
        "id": "144e4b66-831d-31ba-bb1b-a5a0a59ff864",
        "vendor": {
          "name": "wpopal"
        }
      },
      {
        "id": "1e5a41d3-a4cc-36f2-b08c-708296e53ea2",
        "vendor": {
          "name": "Paul Clark"
        }
      },
      {
        "id": "3e475556-65ac-3f05-a2e2-b3e0d1094f76",
        "vendor": {
          "name": "Long Watch Studio"
        }
      },
      {
        "id": "49f3357f-601e-3333-8340-5e87db7f6af8",
        "vendor": {
          "name": "deano1987"
        }
      },
      {
        "id": "5011dd06-af1f-3307-970e-4f0b71699481",
        "vendor": {
          "name": "Team Agence-Press"
        }
      },
      {
        "id": "b0aad367-c9cc-368e-ae1a-07d1e2f3db59",
        "vendor": {
          "name": "Philip M. Hofer (Frumph)"
        }
      },
      {
        "id": "bad2639a-a2f6-34dd-b4a3-6fbeb1bd2548",
        "vendor": {
          "name": "Montonio"
        }
      },
      {
        "id": "bfd8f766-f4bc-3ac9-ae2f-e5581625f756",
        "vendor": {
          "name": "AMO for WP – Membership Management"
        }
      },
      {
        "id": "c8cf2c6a-460d-3030-bf1b-2655eb7f8769",
        "vendor": {
          "name": "Designmodo Inc."
        }
      },
      {
        "id": "cadd32ec-9681-3af0-a1db-5b59d072c245",
        "vendor": {
          "name": "Unihost"
        }
      },
      {
        "id": "fc9e3fd8-6334-3793-a61d-eba9378df43c",
        "vendor": {
          "name": "Squidesma"
        }
      }
    ],
    "enisaIdProduct": [
      {
        "id": "0ab5ade7-8081-3242-911e-66343236081c",
        "product": {
          "name": "AMP Toolbox"
        },
        "product_version": "n/a ≤2.1.1"
      },
      {
        "id": "0d5c8ebd-67f1-37c9-ae4e-0cf9337fb2c1",
        "product": {
          "name": "Theme Minifier"
        },
        "product_version": "n/a ≤2.0"
      },
      {
        "id": "125d2adb-68ab-33b1-bcc4-ba263c4859ff",
        "product": {
          "name": "CSS Adder By Agence-Press"
        },
        "product_version": "n/a ≤1.5.0"
      },
      {
        "id": "13b780ee-ddcf-3b24-8737-ad04021e87ca",
        "product": {
          "name": "PHPFreeChat"
        },
        "product_version": "n/a ≤0.2.8"
      },
      {
        "id": "39f5a754-811e-3872-827f-d0576f81291d",
        "product": {
          "name": "Confirm Data"
        },
        "product_version": "n/a ≤1.0.7"
      },
      {
        "id": "4d236c1c-102d-3838-a6eb-727d156ed2ad",
        "product": {
          "name": "Montonio for WooCommerce"
        },
        "product_version": "n/a ≤6.0.1"
      },
      {
        "id": "5bcfdc6a-8be0-3501-bf7a-84834daa68e6",
        "product": {
          "name": "WooVirtualWallet – A virtual wallet for WooCommerce"
        },
        "product_version": "n/a ≤2.2.1"
      },
      {
        "id": "5c3fa6ac-634e-3961-8278-a39bcdd049c1",
        "product": {
          "name": "Styles"
        },
        "product_version": "n/a ≤1.2.3"
      },
      {
        "id": "7bd13539-6795-3c19-a4e7-cd0633372fe6",
        "product": {
          "name": "WooVIP – Membership plugin for WordPress and WooCommerce"
        },
        "product_version": "n/a ≤1.4.4"
      },
      {
        "id": "805a6f06-3c45-3b8e-a194-ac7c426eaf64",
        "product": {
          "name": "Admin CSS MU"
        },
        "product_version": "n/a ≤2.6"
      },
      {
        "id": "977444e0-927d-3c47-a884-6b609c24869a",
        "product": {
          "name": "WooSupply – Suppliers, Supply Orders and Stock Management"
        },
        "product_version": "n/a ≤1.2.2"
      },
      {
        "id": "97d8a2c6-447a-38da-8ce0-0c23f32301da",
        "product": {
          "name": "ArcStone"
        },
        "product_version": "n/a ≤4.6.6"
      },
      {
        "id": "9991ce27-75f7-3639-95d1-8aad9588d2bb",
        "product": {
          "name": "Custom Login Admin Front-end CSS"
        },
        "product_version": "n/a ≤1.4.1"
      },
      {
        "id": "aadaae4d-4166-383f-b9b3-4060018023f5",
        "product": {
          "name": "Wpopal Core Features"
        },
        "product_version": "n/a ≤1.5.8"
      },
      {
        "id": "c83a40e0-4f61-3a16-aa44-2ff55720ab91",
        "product": {
          "name": "WordPress Page Builder – Qards"
        },
        "product_version": "n/a ≤1.0.5"
      }
    ]
  }
]

Source	Link
patchstack	www.patchstack.com/database/vulnerability/montonio-for-woocommerce/wordpress-montonio-for-woocommerce-plugin-6-0-1-server-side-request-forgery-ssrf
patchstack	www.patchstack.com/database/vulnerability/wpopal-core-features/wordpress-wpopal-core-features-plugin-1-5-7-server-side-request-forgery-ssrf
patchstack	www.patchstack.com/database/vulnerability/wp-amo/wordpress-amo-for-wp-plugin-4-6-6-server-side-request-forgery-ssrf
patchstack	www.patchstack.com/database/vulnerability/woovirtualwallet/wordpress-woovirtualwallet-plugin-2-2-1-server-side-request-forgery-ssrf
patchstack	www.patchstack.com/database/vulnerability/woovip/wordpress-woovip-plugin-1-4-4-server-side-request-forgery-ssrf
patchstack	www.patchstack.com/database/vulnerability/woosupply/wordpress-woosupply-plugin-1-2-2-server-side-request-forgery-ssrf
patchstack	www.patchstack.com/database/vulnerability/theme-minifier/wordpress-theme-minifier-plugin-2-0-server-side-request-forgery-ssrf
patchstack	www.patchstack.com/database/vulnerability/styles/wordpress-styles-plugin-1-2-3-server-side-request-forgery-ssrf
patchstack	www.patchstack.com/database/vulnerability/qards-free/wordpress-wordpress-page-builder-qards-plugin-1-0-5-server-side-request-forgery-ssrf
patchstack	www.patchstack.com/database/vulnerability/phpfreechat/wordpress-phpfreechat-plugin-0-2-8-server-side-request-forgery-ssrf

03 Oct 2025 20:07Current

9High risk

Vulners AI Score9

CVSS 3.18.2 - 9.8

EPSS0.00999

SSVC