CVE-2022-3154
Multiple Plugins from Viszt Peter - Multiple CSRF
CVSS Score
0.0
EPSS Score
0.0%
EPSS Percentile
0th
The Woo Billingo Plus WordPress plugin before 4.4.5.4, Integration for Billingo & Gravity Forms WordPress plugin before 1.0.4, Integration for Szamlazz.hu & Gravity Forms WordPress plugin before 1.2.7 are lacking CSRF checks in various AJAX actions, which could allow attackers to make logged in Shop Managers and above perform unwanted actions, such as deactivate the plugin's license
| CWE | CWE-352 |
| Vendor | todo |
| Product | woo billingo plus |
| Published | Oct 10, 2022 |
| Last Updated | Aug 3, 2024 |
Stay Ahead of the Next One
Get instant alerts for todo woo billingo plus
Be the first to know when new unknown vulnerabilities affecting todo woo billingo plus are published โ delivered to Slack, Telegram or Discord.
Get Free Alerts โ
Free ยท No credit card ยท 60 sec setup
Affected Versions
TODO / Woo Billingo Plus
4.4.5.4 < 4.4.5.4
TODO / Integration for Billingo & Gravity Forms
1.0.4 < 1.0.4
TODO / Integration for Szamlazz.hu & Gravity Forms
1.2.7 < 1.2.7
References
Credits
Lana Codes