PT-2024-11631 · Agence Press · Css Adder By Agence-Press

Dave Jong · Published 2024-01-19 · Updated 2024-01-30 · CVE-2022-40700

CVSS v3.1: 9.8 (Critical)
Vector: AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Name of the Vulnerable Software and Affected Versions

- Montonio for WooCommerce versions 6.0.1 and earlier
- Wpopal Core Features versions 1.5.8 and earlier
- ArcStone wp-amo versions 4.6.6 and earlier
- WooVirtualWallet – A virtual wallet for WooCommerce versions 2.2.1 and earlier
- WooVIP – Membership plugin for WordPress and WooCommerce versions 1.4.4 and earlier
- WooSupply – Suppliers, Supply Orders and Stock Management versions 1.2.2 and earlier
- Theme Minifier versions 2.0 and earlier
- Styles versions 1.2.3 and earlier
- WordPress Page Builder – Qards versions 1.0.5 and earlier
- PHPFreeChat versions 0.2.8 and earlier
- Custom Login Admin Front-end CSS versions 1.4.1 and earlier
- CSS Adder By Agence-Press versions 1.5.0 and earlier
- Confirm Data versions 1.0.7 and earlier
- AMP Toolbox versions 2.1.1 and earlier
- Admin CSS MU versions 2.6 and earlier

Description

A Server-Side Request Forgery (SSRF) issue has been identified that affects multiple plugins. It allows an attacker to cause the server to send forged requests, potentially leading to unauthorized access or data exposure. The estimated number of potentially affected devices worldwide is not specified. There is no information available about real-world incidents in which this issue was exploited.

Recommendations

- For Montonio for WooCommerce versions 6.0.1 and earlier, update to a version later than 6.0.1.
- For Wpopal Core Features versions 1.5.8 and earlier, update to a version later than 1.5.8.
- For ArcStone wp-amo versions 4.6.6 and earlier, update to a version later than 4.6.6.
- For WooVirtualWallet – A virtual wallet for WooCommerce versions 2.2.1 and earlier, update to a version later than 2.2.1.
- For WooVIP – Membership plugin for WordPress and WooCommerce versions 1.4.4 and earlier, update to a version later than 1.4.4.
- For WooSupply – Suppliers, Supply Orders and Stock Management versions 1.2.2 and earlier, update to a version later than 1.2.2.
- For Theme Minifier versions 2.0 and earlier, update to a version later than 2.0.
- For Styles versions 1.2.3 and earlier, update to a version later than 1.2.3.
- For WordPress Page Builder – Qards versions 1.0.5 and earlier, update to a version later than 1.0.5.
- For PHPFreeChat versions 0.2.8 and earlier, update to a version later than 0.2.8.
- For Custom Login Admin Front-end CSS versions 1.4.1 and earlier, update to a version later than 1.4.1.
- For CSS Adder By Agence-Press versions 1.5.0 and earlier, update to a version later than 1.5.0.
- For Confirm Data versions 1.0.7 and earlier, update to a version later than 1.0.7.
- For AMP Toolbox versions 2.1.1 and earlier, update to a version later than 2.1.1.
- For Admin CSS MU versions 2.6 and earlier, update to a version later than 2.6.

Fix

SSRF

Weakness Enumeration

Related Identifiers: CVE-2022-40700

Affected Products: Css Adder By Agence-Press