{ "dataType": "CVE_RECORD", "dataVersion": "5.2", "cveMetadata": { "cveId": "CVE-2022-40700", "assignerOrgId": "21595511-bba5-4825-b968-b78d1f9984a3", "state": "PUBLISHED", "assignerShortName": "Patchstack", "dateReserved": "2022-09-27T08:42:32.033Z", "datePublished": "2024-01-19T14:30:11.427Z", "dateUpdated": "2026-04-28T16:07:49.226Z" }, "containers": { "cna": { "affected": [ { "collectionURL": "https://wordpress.org/plugins", "defaultStatus": "unaffected", "packageName": "montonio-for-woocommerce", "product": "Montonio for WooCommerce", "vendor": "Montonio", "versions": [ { "changes": [ { "at": "6.0.2", "status": "unaffected" } ], "lessThanOrEqual": "6.0.1", "status": "affected", "version": "n/a", "versionType": "custom" } ] }, { "collectionURL": "https://wordpress.org/plugins", "defaultStatus": "unaffected", "packageName": "wpopal-core-features", "product": "Wpopal Core Features", "vendor": "Wpopal", "versions": [ { "lessThanOrEqual": "1.5.8", "status": "affected", "version": "n/a", "versionType": "custom" } ] }, { "collectionURL": "https://wordpress.org/plugins", "defaultStatus": "unaffected", "packageName": "wp-amo", "product": "ArcStone", "vendor": "AMO for WP – Membership Management", "versions": [ { "lessThanOrEqual": "4.6.6", "status": "affected", "version": "n/a", "versionType": "custom" } ] }, { "collectionURL": "https://wordpress.org/plugins", "defaultStatus": "unaffected", "packageName": "woovirtualwallet", "product": "WooVirtualWallet – A virtual wallet for WooCommerce", "vendor": "Long Watch Studio", "versions": [ { "lessThanOrEqual": "2.2.1", "status": "affected", "version": "n/a", "versionType": "custom" } ] }, { "collectionURL": "https://wordpress.org/plugins", "defaultStatus": "unaffected", "packageName": "woovip", "product": "WooVIP – Membership plugin for WordPress and WooCommerce", "vendor": "Long Watch Studio", "versions": [ { "lessThanOrEqual": "1.4.4", "status": "affected", "version": "n/a", "versionType": "custom" } ] }, { "collectionURL": "https://wordpress.org/plugins", "defaultStatus": "unaffected", "packageName": "woosupply", "product": "WooSupply – Suppliers, Supply Orders and Stock Management", "vendor": "Long Watch Studio", "versions": [ { "lessThanOrEqual": "1.2.2", "status": "affected", "version": "n/a", "versionType": "custom" } ] }, { "collectionURL": "https://wordpress.org/plugins", "defaultStatus": "unaffected", "packageName": "theme-minifier", "product": "Theme Minifier", "vendor": "Squidesma", "versions": [ { "lessThanOrEqual": "2.0", "status": "affected", "version": "n/a", "versionType": "custom" } ] }, { "collectionURL": "https://wordpress.org/plugins", "defaultStatus": "unaffected", "packageName": "styles", "product": "Styles", "vendor": "Paul Clark", "versions": [ { "lessThanOrEqual": "1.2.3", "status": "affected", "version": "n/a", "versionType": "custom" } ] }, { "collectionURL": "https://wordpress.org/plugins", "defaultStatus": "unaffected", "packageName": "qards-free", "product": "WordPress Page Builder – Qards", "vendor": "Designmodo Inc.", "versions": [ { "lessThanOrEqual": "1.0.5", "status": "affected", "version": "n/a", "versionType": "custom" } ] }, { "collectionURL": "https://wordpress.org/plugins", "defaultStatus": "unaffected", "packageName": "phpfreechat", "product": "PHPFreeChat", "vendor": "Philip M. Hofer (Frumph)", "versions": [ { "lessThanOrEqual": "0.2.8", "status": "affected", "version": "n/a", "versionType": "custom" } ] }, { "collectionURL": "https://wordpress.org/plugins", "defaultStatus": "unaffected", "packageName": "custom-login-admin-front-end-css-with-multisite-support", "product": "Custom Login Admin Front-end CSS", "vendor": "Arun Basil Lal", "versions": [ { "changes": [ { "at": "1.5", "status": "unaffected" } ], "lessThanOrEqual": "1.4.1", "status": "affected", "version": "n/a", "versionType": "custom" } ] }, { "collectionURL": "https://wordpress.org/plugins", "defaultStatus": "unaffected", "packageName": "css-adder-by-agence-press", "product": "CSS Adder By Agence-Press", "vendor": "Team Agence-Press", "versions": [ { "lessThanOrEqual": "1.5.0", "status": "affected", "version": "n/a", "versionType": "custom" } ] }, { "collectionURL": "https://wordpress.org/plugins", "defaultStatus": "unaffected", "packageName": "confirm-data", "product": "Confirm Data", "vendor": "Unihost", "versions": [ { "lessThanOrEqual": "1.0.7", "status": "affected", "version": "n/a", "versionType": "custom" } ] }, { "collectionURL": "https://wordpress.org/plugins", "defaultStatus": "unaffected", "packageName": "amp-toolbox", "product": "AMP Toolbox", "vendor": "deano1987", "versions": [ { "lessThanOrEqual": "2.1.1", "status": "affected", "version": "n/a", "versionType": "custom" } ] }, { "collectionURL": "https://wordpress.org/plugins", "defaultStatus": "unaffected", "packageName": "admin-css-mu", "product": "Admin CSS MU", "vendor": "Arun Basil Lal", "versions": [ { "changes": [ { "at": "2.7", "status": "unaffected" } ], "lessThanOrEqual": "2.6", "status": "affected", "version": "n/a", "versionType": "custom" } ] } ], "credits": [ { "lang": "en", "type": "finder", "user": "00000000-0000-4000-9000-000000000000", "value": "Dave Jong (Patchstack)" } ], "descriptions": [ { "lang": "en", "supportingMedia": [ { "base64": false, "type": "text/html", "value": "Server-Side Request Forgery (SSRF) vulnerability in Montonio Montonio for WooCommerce, Wpopal Wpopal Core Features, AMO for WP – Membership Management ArcStone wp-amo, Long Watch Studio WooVirtualWallet – A virtual wallet for WooCommerce, Long Watch Studio WooVIP – Membership plugin for WordPress and WooCommerce, Long Watch Studio WooSupply – Suppliers, Supply Orders and Stock Management, Squidesma Theme Minifier, Paul Clark Styles styles, Designmodo Inc. WordPress Page Builder – Qards, Philip M. Hofer (Frumph) PHPFreeChat, Arun Basil Lal Custom Login Admin Front-end CSS, Team Agence-Press CSS Adder By Agence-Press, Unihost Confirm Data, deano1987 AMP Toolbox amp-toolbox, Arun Basil Lal Admin CSS MU.

This issue affects Montonio for WooCommerce: from n/a through 6.0.1; Wpopal Core Features: from n/a through 1.5.8; ArcStone: from n/a through 4.6.6; WooVirtualWallet – A virtual wallet for WooCommerce: from n/a through 2.2.1; WooVIP – Membership plugin for WordPress and WooCommerce: from n/a through 1.4.4; WooSupply – Suppliers, Supply Orders and Stock Management: from n/a through 1.2.2; Theme Minifier: from n/a through 2.0; Styles: from n/a through 1.2.3; WordPress Page Builder – Qards: from n/a through 1.0.5; PHPFreeChat: from n/a through 0.2.8; Custom Login Admin Front-end CSS: from n/a through 1.4.1; CSS Adder By Agence-Press: from n/a through 1.5.0; Confirm Data: from n/a through 1.0.7; AMP Toolbox: from n/a through 2.1.1; Admin CSS MU: from n/a through 2.6.

" } ], "value": "Server-Side Request Forgery (SSRF) vulnerability in Montonio Montonio for WooCommerce, Wpopal Wpopal Core Features, AMO for WP – Membership Management ArcStone wp-amo, Long Watch Studio WooVirtualWallet – A virtual wallet for WooCommerce, Long Watch Studio WooVIP – Membership plugin for WordPress and WooCommerce, Long Watch Studio WooSupply – Suppliers, Supply Orders and Stock Management, Squidesma Theme Minifier, Paul Clark Styles styles, Designmodo Inc. WordPress Page Builder – Qards, Philip M. Hofer (Frumph) PHPFreeChat, Arun Basil Lal Custom Login Admin Front-end CSS, Team Agence-Press CSS Adder By Agence-Press, Unihost Confirm Data, deano1987 AMP Toolbox amp-toolbox, Arun Basil Lal Admin CSS MU.This issue affects Montonio for WooCommerce: from n/a through 6.0.1; Wpopal Core Features: from n/a through 1.5.8; ArcStone: from n/a through 4.6.6; WooVirtualWallet – A virtual wallet for WooCommerce: from n/a through 2.2.1; WooVIP – Membership plugin for WordPress and WooCommerce: from n/a through 1.4.4; WooSupply – Suppliers, Supply Orders and Stock Management: from n/a through 1.2.2; Theme Minifier: from n/a through 2.0; Styles: from n/a through 1.2.3; WordPress Page Builder – Qards: from n/a through 1.0.5; PHPFreeChat: from n/a through 0.2.8; Custom Login Admin Front-end CSS: from n/a through 1.4.1; CSS Adder By Agence-Press: from n/a through 1.5.0; Confirm Data: from n/a through 1.0.7; AMP Toolbox: from n/a through 2.1.1; Admin CSS MU: from n/a through 2.6." } ], "metrics": [ { "cvssV3_1": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 8.2, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "integrityImpact": "LOW", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:L/A:N", "version": "3.1" }, "format": "CVSS", "scenarios": [ { "lang": "en", "value": "GENERAL" } ] } ], "problemTypes": [ { "descriptions": [ { "cweId": "CWE-918", "description": "CWE-918 Server-Side Request Forgery (SSRF)", "lang": "en", "type": "CWE" } ] } ], "providerMetadata": { "orgId": "21595511-bba5-4825-b968-b78d1f9984a3", "shortName": "Patchstack", "dateUpdated": "2026-04-28T16:07:49.226Z" }, "references": [ { "tags": [ "vdb-entry" ], "url": "https://patchstack.com/database/vulnerability/montonio-for-woocommerce/wordpress-montonio-for-woocommerce-plugin-6-0-1-server-side-request-forgery-ssrf?_s_id=cve" }, { "tags": [ "vdb-entry" ], "url": "https://patchstack.com/database/vulnerability/wpopal-core-features/wordpress-wpopal-core-features-plugin-1-5-7-server-side-request-forgery-ssrf?_s_id=cve" }, { "tags": [ "vdb-entry" ], "url": "https://patchstack.com/database/vulnerability/wp-amo/wordpress-amo-for-wp-plugin-4-6-6-server-side-request-forgery-ssrf?_s_id=cve" }, { "tags": [ "vdb-entry" ], "url": "https://patchstack.com/database/vulnerability/woovirtualwallet/wordpress-woovirtualwallet-plugin-2-2-1-server-side-request-forgery-ssrf?_s_id=cve" }, { "tags": [ "vdb-entry" ], "url": "https://patchstack.com/database/vulnerability/woovip/wordpress-woovip-plugin-1-4-4-server-side-request-forgery-ssrf?_s_id=cve" }, { "tags": [ "vdb-entry" ], "url": "https://patchstack.com/database/vulnerability/woosupply/wordpress-woosupply-plugin-1-2-2-server-side-request-forgery-ssrf?_s_id=cve" }, { "tags": [ "vdb-entry" ], "url": "https://patchstack.com/database/vulnerability/theme-minifier/wordpress-theme-minifier-plugin-2-0-server-side-request-forgery-ssrf?_s_id=cve" }, { "tags": [ "vdb-entry" ], "url": "https://patchstack.com/database/vulnerability/styles/wordpress-styles-plugin-1-2-3-server-side-request-forgery-ssrf?_s_id=cve" }, { "tags": [ "vdb-entry" ], "url": "https://patchstack.com/database/vulnerability/qards-free/wordpress-wordpress-page-builder-qards-plugin-1-0-5-server-side-request-forgery-ssrf?_s_id=cve" }, { "tags": [ "vdb-entry" ], "url": "https://patchstack.com/database/vulnerability/phpfreechat/wordpress-phpfreechat-plugin-0-2-8-server-side-request-forgery-ssrf?_s_id=cve" }, { "tags": [ "vdb-entry" ], "url": "https://patchstack.com/database/vulnerability/custom-login-admin-front-end-css-with-multisite-support/wordpress-custom-login-admin-front-end-css-plugin-1-4-1-server-side-request-forgery-ssrf?_s_id=cve" }, { "tags": [ "vdb-entry" ], "url": "https://patchstack.com/database/vulnerability/css-adder-by-agence-press/wordpress-css-adder-by-agene-press-plugin-1-5-0-server-side-request-forgery-ssrf?_s_id=cve" }, { "tags": [ "vdb-entry" ], "url": "https://patchstack.com/database/vulnerability/confirm-data/wordpress-confirm-data-plugin-1-0-7-unauth-server-side-request-forgery-ssrf-vulnerability?_s_id=cve" }, { "tags": [ "vdb-entry" ], "url": "https://patchstack.com/database/vulnerability/amp-toolbox/wordpress-amp-toolbox-plugin-2-1-1-server-side-request-forgery-ssrf?_s_id=cve" }, { "tags": [ "vdb-entry" ], "url": "https://patchstack.com/database/vulnerability/admin-css-mu/wordpress-admin-css-mu-plugin-2-6-server-side-request-forgery-ssrf-vulnerability?_s_id=cve" } ], "solutions": [ { "lang": "en", "supportingMedia": [ { "base64": false, "type": "text/html", "value": "Update Montonio for WooCommerce to 6.0.2 or a higher version.
Update Custom Login Admin Front-end CSS to 1.5 or a higher version.
Update Admin CSS MU to 2.7 or a higher version
" } ], "value": "Update Montonio for WooCommerce to 6.0.2 or a higher version.\nUpdate Custom Login Admin Front-end CSS to 1.5 or a higher version.\nUpdate Admin CSS MU to 2.7 or a higher version" } ], "source": { "discovery": "EXTERNAL" }, "title": "Server Side Request Forgery (SSRF) vulnerability affecting multiple WordPress plugins", "x_generator": { "engine": "Vulnogram 0.1.0-dev" } }, "adp": [ { "providerMetadata": { "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE", "dateUpdated": "2024-08-03T12:21:46.616Z" }, "title": "CVE Program Container", "references": [ { "tags": [ "vdb-entry", "x_transferred" ], "url": "https://patchstack.com/database/vulnerability/montonio-for-woocommerce/wordpress-montonio-for-woocommerce-plugin-6-0-1-server-side-request-forgery-ssrf?_s_id=cve" }, { "tags": [ "vdb-entry", "x_transferred" ], "url": "https://patchstack.com/database/vulnerability/wpopal-core-features/wordpress-wpopal-core-features-plugin-1-5-7-server-side-request-forgery-ssrf?_s_id=cve" }, { "tags": [ "vdb-entry", "x_transferred" ], "url": "https://patchstack.com/database/vulnerability/wp-amo/wordpress-amo-for-wp-plugin-4-6-6-server-side-request-forgery-ssrf?_s_id=cve" }, { "tags": [ "vdb-entry", "x_transferred" ], "url": "https://patchstack.com/database/vulnerability/woovirtualwallet/wordpress-woovirtualwallet-plugin-2-2-1-server-side-request-forgery-ssrf?_s_id=cve" }, { "tags": [ "vdb-entry", "x_transferred" ], "url": "https://patchstack.com/database/vulnerability/woovip/wordpress-woovip-plugin-1-4-4-server-side-request-forgery-ssrf?_s_id=cve" }, { "tags": [ "vdb-entry", "x_transferred" ], "url": "https://patchstack.com/database/vulnerability/woosupply/wordpress-woosupply-plugin-1-2-2-server-side-request-forgery-ssrf?_s_id=cve" }, { "tags": [ "vdb-entry", "x_transferred" ], "url": "https://patchstack.com/database/vulnerability/theme-minifier/wordpress-theme-minifier-plugin-2-0-server-side-request-forgery-ssrf?_s_id=cve" }, { "tags": [ "vdb-entry", "x_transferred" ], "url": "https://patchstack.com/database/vulnerability/styles/wordpress-styles-plugin-1-2-3-server-side-request-forgery-ssrf?_s_id=cve" }, { "tags": [ "vdb-entry", "x_transferred" ], "url": "https://patchstack.com/database/vulnerability/qards-free/wordpress-wordpress-page-builder-qards-plugin-1-0-5-server-side-request-forgery-ssrf?_s_id=cve" }, { "tags": [ "vdb-entry", "x_transferred" ], "url": "https://patchstack.com/database/vulnerability/phpfreechat/wordpress-phpfreechat-plugin-0-2-8-server-side-request-forgery-ssrf?_s_id=cve" }, { "tags": [ "vdb-entry", "x_transferred" ], "url": "https://patchstack.com/database/vulnerability/custom-login-admin-front-end-css-with-multisite-support/wordpress-custom-login-admin-front-end-css-plugin-1-4-1-server-side-request-forgery-ssrf?_s_id=cve" }, { "tags": [ "vdb-entry", "x_transferred" ], "url": "https://patchstack.com/database/vulnerability/css-adder-by-agence-press/wordpress-css-adder-by-agene-press-plugin-1-5-0-server-side-request-forgery-ssrf?_s_id=cve" }, { "tags": [ "vdb-entry", "x_transferred" ], "url": "https://patchstack.com/database/vulnerability/confirm-data/wordpress-confirm-data-plugin-1-0-7-unauth-server-side-request-forgery-ssrf-vulnerability?_s_id=cve" }, { "tags": [ "vdb-entry", "x_transferred" ], "url": "https://patchstack.com/database/vulnerability/amp-toolbox/wordpress-amp-toolbox-plugin-2-1-1-server-side-request-forgery-ssrf?_s_id=cve" }, { "tags": [ "vdb-entry", "x_transferred" ], "url": "https://patchstack.com/database/vulnerability/admin-css-mu/wordpress-admin-css-mu-plugin-2-6-server-side-request-forgery-ssrf-vulnerability?_s_id=cve" } ] }, { "metrics": [ { "other": { "type": "ssvc", "content": { "timestamp": "2024-11-13T17:39:55.482326Z", "id": "CVE-2022-40700", "options": [ { "Exploitation": "none" }, { "Automatable": "yes" }, { "Technical Impact": "total" } ], "role": "CISA Coordinator", "version": "2.0.3" } } } ], "title": "CISA ADP Vulnrichment", "providerMetadata": { "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2024-11-13T17:40:07.080Z" } } ] } }