CVE-2022-40700
published 2024-01-19

CVE-2022-40700: Server-Side Request Forgery (SSRF) vulnerability in Montonio Montonio for WooCommerce, Wpopal Wpopal Core Features, AMO for WP – Membership Management ArcStone…

Priority: P3 · 55
Severity: critical · 9.8 (CVSS 3.1)
Vector: AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
EPSS: 1.00% (58.4th percentile)
Server-Side Request Forgery (SSRF) vulnerability in Montonio Montonio for WooCommerce, Wpopal Wpopal Core Features, AMO for WP – Membership Management ArcStone wp-amo, Long Watch Studio WooVirtualWallet – A virtual wallet for WooCommerce, Long Watch Studio WooVIP – Membership plugin for WordPress and WooCommerce, Long Watch Studio WooSupply – Suppliers, Supply Orders and Stock Management, Squidesma Theme Minifier, Paul Clark Styles styles, Designmodo Inc. WordPress Page Builder – Qards, Philip M. Hofer (Frumph) PHPFreeChat, Arun Basil Lal Custom Login Admin Front-end CSS, Team Agence-Press CSS Adder By Agence-Press, Unihost Confirm Data, deano1987 AMP Toolbox amp-toolbox, Arun Basil Lal Admin CSS MU. This issue affects Montonio for WooCommerce: from n/a through 6.0.1; Wpopal Core Features: from n/a through 1.5.8; ArcStone: from n/a through 4.6.6; WooVirtualWallet – A virtual wallet for WooCommerce: from n/a through 2.2.1; WooVIP – Membership plugin for WordPress and WooCommerce: from n/a through 1.4.4; WooSupply – Suppliers, Supply Orders and Stock Management: from n/a through 1.2.2; Theme Minifier: from n/a through 2.0; Styles: from n/a through 1.2.3; WordPress Page Builder – Qards: from n/a through 1.0.5; PHPFreeChat: from n/a through 0.2.8; Custom Login Admin Front-end CSS: from n/a through 1.4.1; CSS Adder By Agence-Press: from n/a through 1.5.0; Confirm Data: from n/a through 1.0.7; AMP Toolbox: from n/a through 2.1.1; Admin CSS MU: from n/a through 2.6.

Affected

29 ranges · showing 25

| Vendor | Product | Version range | Fixed in |
| --- | --- | --- | --- |
| agence-press | css_adder | <= 1.5.0 | |
| amo_for_wp_membership_management | arcstone | n/a – 4.6.6 | |
| arcstone | amo_for_wp_membership_management | <= 4.6.6 | |
| arun_basil_lal | admin_css_mu | n/a – 2.6 | |
| arun_basil_lal | custom_login_admin_front-end_css | n/a – 1.4.1 | |
| deano | amp_toolbox | <= 2.1.1 | |
| deano1987 | amp_toolbox | n/a – 2.1.1 | |
| designmodo | qards | <= 1.0.5 | |
| designmodo_inc | wordpress_page_builder_qards | n/a – 1.0.5 | |
| frumph | phpfreechat | <= 0.2.8 | |
| long_watch_studio | woovip_membership_plugin_for_wordpress_and_woocommerce | n/a – 1.4.4 | |
| long_watch_studio | woovirtualwallet_a_virtual_wallet_for_woocommerce | n/a – 2.2.1 | |
| longwatchstudio | woosupply | <= 1.2.2 | |
| longwatchstudio | woovip | <= 1.4.4 | |
| longwatchstudio | woovirtualwallet | <= 2.2.1 | |
| millionclues | admin_css_mu | <= 2.6 | |
| millionclues | custom_login_admin_front-end_css | <= 1.4.1 | |
| montonio | montonio_for_woocommerce | <= 6.0.1 | |
| montonio | montonio_for_woocommerce | n/a – 6.0.1 | |
| paul_clark | styles | n/a – 1.2.3 | |
| paulclark | styles | <= 1.2.3 | |
| philip_m_hofer | phpfreechat | n/a – 0.2.8 | |
| squidesma | theme_minifier | <= 2.0 | |
| squidesma | theme_minifier | n/a – 2.0 | |
| team_agence-press | css_adder_by_agence-press | n/a – 1.5.0 | |