CVE-2022-3154

Published: Oct 10, 2022

Modified: Aug 3, 2024

PUBLISHED

Description

The Woo Billingo Plus WordPress plugin before 4.4.5.4, Integration for Billingo & Gravity Forms WordPress plugin before 1.0.4, Integration for Szamlazz.hu & Gravity Forms WordPress plugin before 1.2.7 are lacking CSRF checks in various AJAX actions, which could allow attackers to make logged in Shop Managers and above perform unwanted actions, such as deactivate the plugin's license

Vendor	Product	Versions
TODO	Woo Billingo Plus	affected `4.4.5.4 - < 4.4.5.4`
TODO	Integration for Billingo & Gravity Forms	affected `1.0.4 - < 1.0.4`
TODO	Integration for Szamlazz.hu & Gravity Forms	affected `1.2.7 - < 1.2.7`

Weaknesses (CWE)

CWE-352

References

https://wpscan.com/vulnerability/cda978b2-b31f-495d-8601-0aaa3e4b45cd

Security Training

Train your team to recognize and prevent security threats with our comprehensive security awareness program.

Start Training

Vulnerability Scanning

Discover vulnerabilities in your applications and infrastructure before attackers do.

Scan Now

CVE-2022-3154

Description

Affected Products

Weaknesses (CWE)

References