Source: nvd
ID: NVD:CVE-2022-4888
History: Jul 31, 2023 - 10:15 a.m.

CVE-2022-4888

Published: 2023-07-31 10:15:09
Reference: web.nvd.nist.gov
Tags: wordpress, plugins, csrf, attackers, unauthorized actions

CVSS3: 6.5

Attack Vector: NETWORK
Attack Complexity: LOW
Privileges Required: NONE
User Interaction: REQUIRED
Scope: UNCHANGED
Confidentiality Impact: NONE
Integrity Impact: HIGH
Availability Impact: NONE

Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:H/A:N

EPSS: 0.001
Percentile: 30.5%

The Checkout Fields Manager WordPress plugin before 1.0.2, Abandoned Cart Recovery WordPress plugin before 1.2.5, Custom Fields for WooCommerce WordPress plugin before 1.0.4, Custom Order Number WordPress plugin through 1.0.1, Custom Registration Forms Builder WordPress plugin before 1.0.2, Advanced Free Gifts WordPress plugin before 1.0.2, Gift Registry for WooCommerce WordPress plugin through 1.0.1, Image Watermark for WooCommerce WordPress plugin before 1.0.1, Order Approval for WooCommerce WordPress plugin before 1.1.0, Order Tracking for WooCommerce WordPress plugin before 1.0.2, Price Calculator for WooCommerce WordPress plugin through 1.0.3, Product Dynamic Pricing and Discounts WordPress plugin through 1.0.6, Product Labels and Stickers WordPress plugin through 1.0.1 have flawed CSRF checks in various places, which could allow attackers to make logged-in users perform unwanted actions.

Affected configurations

Nvd
Node
addify abandoned_cart_recovery Range <1.2.5 wordpress
OR
addify advanced_free_gifts Range <1.0.2 wordpress
OR
addify checkout_fields_manager Range <1.0.2 wordpress
OR
addify custom_fields_for_woocommerce Range <1.0.4 wordpress
OR
addify custom_order_number Range 1.0.1 wordpress
OR
addify custom_registration_forms_builder Range <1.0.2 wordpress
OR
addify gift_registry_for_woocommerce Range 1.0.1 wordpress
OR
addify image_watermark_for_woocommerce Range 1.0.1 wordpress
OR
addify order_approval_for_woocommerce Range <1.1.0 wordpress
OR
addify order_tracking_for_woocommerce Range <1.0.2 wordpress

| Vendor | Product | Version | CPE |
|---|---|---|---|
| addify | abandoned_cart_recovery | * | cpe:2.3:a:addify:abandoned_cart_recovery:*:*:*:*:*:wordpress:*:* |
| addify | advanced_free_gifts | * | cpe:2.3:a:addify:advanced_free_gifts:*:*:*:*:*:wordpress:*:* |
| addify | checkout_fields_manager | * | cpe:2.3:a:addify:checkout_fields_manager:*:*:*:*:*:wordpress:*:* |
| addify | custom_fields_for_woocommerce | * | cpe:2.3:a:addify:custom_fields_for_woocommerce:*:*:*:*:*:wordpress:*:* |
| addify | custom_order_number | * | cpe:2.3:a:addify:custom_order_number:*:*:*:*:*:wordpress:*:* |
| addify | custom_registration_forms_builder | * | cpe:2.3:a:addify:custom_registration_forms_builder:*:*:*:*:*:wordpress:*:* |
| addify | gift_registry_for_woocommerce | * | cpe:2.3:a:addify:gift_registry_for_woocommerce:*:*:*:*:*:wordpress:*:* |
| addify | image_watermark_for_woocommerce | * | cpe:2.3:a:addify:image_watermark_for_woocommerce:*:*:*:*:*:wordpress:*:* |
| addify | order_approval_for_woocommerce | * | cpe:2.3:a:addify:order_approval_for_woocommerce:*:*:*:*:*:wordpress:*:* |
| addify | order_tracking_for_woocommerce | * | cpe:2.3:a:addify:order_tracking_for_woocommerce:*:*:*:*:*:wordpress:*:* |
