๐Ÿ” CVE Alert

CVE-2022-40700

HIGH 8.2

Server Side Request Forgery (SSRF) vulnerability affecting multiple WordPress plugins

CVSS Score
8.2
EPSS Score
0.0%
EPSS Percentile
0th

Server-Side Request Forgery (SSRF) vulnerability in Montonio Montonio for WooCommerce, Wpopal Wpopal Core Features, AMO for WP โ€“ Membership Management ArcStone wp-amo, Long Watch Studio WooVirtualWallet โ€“ A virtual wallet for WooCommerce, Long Watch Studio WooVIP โ€“ Membership plugin for WordPress and WooCommerce, Long Watch Studio WooSupply โ€“ Suppliers, Supply Orders and Stock Management, Squidesma Theme Minifier, Paul Clark Styles styles, Designmodo Inc. WordPress Page Builder โ€“ Qards, Philip M. Hofer (Frumph) PHPFreeChat, Arun Basil Lal Custom Login Admin Front-end CSS, Team Agence-Press CSS Adder By Agence-Press, Unihost Confirm Data, deano1987 AMP Toolbox amp-toolbox, Arun Basil Lal Admin CSS MU.This issue affects Montonio for WooCommerce: from n/a through 6.0.1; Wpopal Core Features: from n/a through 1.5.8; ArcStone: from n/a through 4.6.6; WooVirtualWallet โ€“ A virtual wallet for WooCommerce: from n/a through 2.2.1; WooVIP โ€“ Membership plugin for WordPress and WooCommerce: from n/a through 1.4.4; WooSupply โ€“ Suppliers, Supply Orders and Stock Management: from n/a through 1.2.2; Theme Minifier: from n/a through 2.0; Styles: from n/a through 1.2.3; WordPress Page Builder โ€“ Qards: from n/a through 1.0.5; PHPFreeChat: from n/a through 0.2.8; Custom Login Admin Front-end CSS: from n/a through 1.4.1; CSS Adder By Agence-Press: from n/a through 1.5.0; Confirm Data: from n/a through 1.0.7; AMP Toolbox: from n/a through 2.1.1; Admin CSS MU: from n/a through 2.6.

CWE CWE-918
Vendor montonio
Product montonio for woocommerce
Published Jan 19, 2024
Last Updated Apr 28, 2026
Stay Ahead of the Next One

Get instant alerts for montonio montonio for woocommerce

Be the first to know when new high vulnerabilities affecting montonio montonio for woocommerce are published โ€” delivered to Slack, Telegram or Discord.

Get Free Alerts โ†’ Free ยท No credit card ยท 60 sec setup

CVSS v3 Breakdown

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:L/A:N
Attack Vector
Network
Attack Complexity
Low
Privileges Required
None
User Interaction
None
Scope
Unchanged
Confidentiality
High
Integrity
Low
Availability
None

Affected Versions

Montonio / Montonio for WooCommerce
n/a โ‰ค 6.0.1
Wpopal / Wpopal Core Features
n/a โ‰ค 1.5.8
AMO for WP โ€“ Membership Management / ArcStone
n/a โ‰ค 4.6.6
Long Watch Studio / WooVirtualWallet โ€“ A virtual wallet for WooCommerce
n/a โ‰ค 2.2.1
Long Watch Studio / WooVIP โ€“ Membership plugin for WordPress and WooCommerce
n/a โ‰ค 1.4.4
Long Watch Studio / WooSupply โ€“ Suppliers, Supply Orders and Stock Management
n/a โ‰ค 1.2.2
Squidesma / Theme Minifier
n/a โ‰ค 2.0
Paul Clark / Styles
n/a โ‰ค 1.2.3
Designmodo Inc. / WordPress Page Builder โ€“ Qards
n/a โ‰ค 1.0.5
Philip M. Hofer (Frumph) / PHPFreeChat
n/a โ‰ค 0.2.8
Arun Basil Lal / Custom Login Admin Front-end CSS
n/a โ‰ค 1.4.1
Team Agence-Press / CSS Adder By Agence-Press
n/a โ‰ค 1.5.0
Unihost / Confirm Data
n/a โ‰ค 1.0.7
deano1987 / AMP Toolbox
n/a โ‰ค 2.1.1
Arun Basil Lal / Admin CSS MU
n/a โ‰ค 2.6

References

NVD โ†— CVE.org โ†— EPSS Data โ†—
patchstack.com: https://patchstack.com/database/vulnerability/montonio-for-woocommerce/wordpress-montonio-for-woocommerce-plugin-6-0-1-server-side-request-forgery-ssrf?_s_id=cve patchstack.com: https://patchstack.com/database/vulnerability/wpopal-core-features/wordpress-wpopal-core-features-plugin-1-5-7-server-side-request-forgery-ssrf?_s_id=cve patchstack.com: https://patchstack.com/database/vulnerability/wp-amo/wordpress-amo-for-wp-plugin-4-6-6-server-side-request-forgery-ssrf?_s_id=cve patchstack.com: https://patchstack.com/database/vulnerability/woovirtualwallet/wordpress-woovirtualwallet-plugin-2-2-1-server-side-request-forgery-ssrf?_s_id=cve patchstack.com: https://patchstack.com/database/vulnerability/woovip/wordpress-woovip-plugin-1-4-4-server-side-request-forgery-ssrf?_s_id=cve patchstack.com: https://patchstack.com/database/vulnerability/woosupply/wordpress-woosupply-plugin-1-2-2-server-side-request-forgery-ssrf?_s_id=cve patchstack.com: https://patchstack.com/database/vulnerability/theme-minifier/wordpress-theme-minifier-plugin-2-0-server-side-request-forgery-ssrf?_s_id=cve patchstack.com: https://patchstack.com/database/vulnerability/styles/wordpress-styles-plugin-1-2-3-server-side-request-forgery-ssrf?_s_id=cve patchstack.com: https://patchstack.com/database/vulnerability/qards-free/wordpress-wordpress-page-builder-qards-plugin-1-0-5-server-side-request-forgery-ssrf?_s_id=cve patchstack.com: https://patchstack.com/database/vulnerability/phpfreechat/wordpress-phpfreechat-plugin-0-2-8-server-side-request-forgery-ssrf?_s_id=cve patchstack.com: https://patchstack.com/database/vulnerability/custom-login-admin-front-end-css-with-multisite-support/wordpress-custom-login-admin-front-end-css-plugin-1-4-1-server-side-request-forgery-ssrf?_s_id=cve patchstack.com: https://patchstack.com/database/vulnerability/css-adder-by-agence-press/wordpress-css-adder-by-agene-press-plugin-1-5-0-server-side-request-forgery-ssrf?_s_id=cve patchstack.com: https://patchstack.com/database/vulnerability/confirm-data/wordpress-confirm-data-plugin-1-0-7-unauth-server-side-request-forgery-ssrf-vulnerability?_s_id=cve patchstack.com: https://patchstack.com/database/vulnerability/amp-toolbox/wordpress-amp-toolbox-plugin-2-1-1-server-side-request-forgery-ssrf?_s_id=cve patchstack.com: https://patchstack.com/database/vulnerability/admin-css-mu/wordpress-admin-css-mu-plugin-2-6-server-side-request-forgery-ssrf-vulnerability?_s_id=cve

Credits

Dave Jong (Patchstack)