Search
Find a vulnerability
Search criteria
ⓘ
Use this form to refine search results.
Full-text search supports keyword queries with ranking and filtering.
You can combine vendor, product, and sources to narrow results.
Enable “Apply ordering” to sort by date instead of relevance.
1 vulnerability by integration_for_billingo_\&_gravity_forms_project
CVE-2022-3154 (GCVE-0-2022-3154)
Vulnerability from cvelistv5 – Published: 2022-10-10 00:00 – Updated: 2024-08-03 01:00
VLAI
Title
Multiple Plugins from Viszt Peter - Multiple CSRF
Summary
The Woo Billingo Plus WordPress plugin before 4.4.5.4, Integration for Billingo & Gravity Forms WordPress plugin before 1.0.4, Integration for Szamlazz.hu & Gravity Forms WordPress plugin before 1.2.7 are lacking CSRF checks in various AJAX actions, which could allow attackers to make logged in Shop Managers and above perform unwanted actions, such as deactivate the plugin's license
Severity
No CVSS data available.
CWE
- CWE-352 - Cross-Site Request Forgery (CSRF)
Assigner
References
1 reference
Impacted products
3 products
| Vendor | Product | Version | |
|---|---|---|---|
| TODO | Woo Billingo Plus |
Affected:
4.4.5.4 , < 4.4.5.4
(custom)
|
|
| TODO | Integration for Billingo & Gravity Forms |
Affected:
1.0.4 , < 1.0.4
(custom)
|
|
| TODO | Integration for Szamlazz.hu & Gravity Forms |
Affected:
1.2.7 , < 1.2.7
(custom)
|
Credits
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-03T01:00:10.538Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_transferred"
],
"url": "https://wpscan.com/vulnerability/cda978b2-b31f-495d-8601-0aaa3e4b45cd"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "Woo Billingo Plus",
"vendor": "TODO",
"versions": [
{
"lessThan": "4.4.5.4",
"status": "affected",
"version": "4.4.5.4",
"versionType": "custom"
}
]
},
{
"product": "Integration for Billingo \u0026 Gravity Forms",
"vendor": "TODO",
"versions": [
{
"lessThan": "1.0.4",
"status": "affected",
"version": "1.0.4",
"versionType": "custom"
}
]
},
{
"product": "Integration for Szamlazz.hu \u0026 Gravity Forms",
"vendor": "TODO",
"versions": [
{
"lessThan": "1.2.7",
"status": "affected",
"version": "1.2.7",
"versionType": "custom"
}
]
}
],
"credits": [
{
"lang": "en",
"value": "Lana Codes"
}
],
"descriptions": [
{
"lang": "en",
"value": "The Woo Billingo Plus WordPress plugin before 4.4.5.4, Integration for Billingo \u0026 Gravity Forms WordPress plugin before 1.0.4, Integration for Szamlazz.hu \u0026 Gravity Forms WordPress plugin before 1.2.7 are lacking CSRF checks in various AJAX actions, which could allow attackers to make logged in Shop Managers and above perform unwanted actions, such as deactivate the plugin\u0027s license"
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-352",
"description": "CWE-352 Cross-Site Request Forgery (CSRF)",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2022-10-10T00:00:00.000Z",
"orgId": "1bfdd5d7-9bf6-4a53-96ea-42e2716d7a81",
"shortName": "WPScan"
},
"references": [
{
"url": "https://wpscan.com/vulnerability/cda978b2-b31f-495d-8601-0aaa3e4b45cd"
}
],
"source": {
"discovery": "EXTERNAL"
},
"title": "Multiple Plugins from Viszt Peter - Multiple CSRF",
"x_generator": "WPScan CVE Generator"
}
},
"cveMetadata": {
"assignerOrgId": "1bfdd5d7-9bf6-4a53-96ea-42e2716d7a81",
"assignerShortName": "WPScan",
"cveId": "CVE-2022-3154",
"datePublished": "2022-10-10T00:00:00.000Z",
"dateReserved": "2022-09-07T00:00:00.000Z",
"dateUpdated": "2024-08-03T01:00:10.538Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}