CVE-2022-4363

CWE-352 — Cross-Site Request Forgery (CSRF)4 documents4 sources

Severity

6.5MEDIUM

EPSS

0.1%

top 74.37%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

Unknown Wholesale Market Unknown Wholesale Market FOR Woocommerce Cedcommerce Wholesale Market +1 more

Timeline

PublishedMay 16

Description

The Wholesale Market WordPress plugin before 2.2.2, Wholesale Market for WooCommerce WordPress plugin before 2.0.1 have a flawed CSRF check when updating their settings, which could allow attackers to make a logged in admin update them via a CSRF attack

CVSS vector

CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:H/A:NExploitability: 2.8 | Impact: 3.6

Affected Packages3 packages

▶CVEListV5unknown/wholesale_market_for_woocommerce< 2.0.1

▶CVEListV5unknown/wholesale_market< 2.2.2

▶NVDcedcommerce/wholesale_market< 2.2.2+1

🔴Vulnerability Details

GHSA

GHSA-fvhp-x5xr-47xv: The Wholesale Market WordPress plugin before 2↗2025-05-16

▶

CVEList

Wholesale Market <= 2.2.2 - Settings Update via CSRF↗2025-05-16

▶

📋Vendor Advisories

Chrome

Stable Channel Update for ChromeOS / ChromeOS Flex: CVE-2023-4361↗2023-08-25

▶