{"resultsPerPage":1,"startIndex":0,"totalResults":1,"format":"NVD_CVE","version":"2.0","timestamp":"2026-07-03T14:44:05.866","vulnerabilities":[{"cve":{"id":"CVE-2022-40700","sourceIdentifier":"audit@patchstack.com","published":"2024-01-19T15:15:08.020","lastModified":"2026-06-17T05:01:51.890","vulnStatus":"Modified","cveTags":[],"descriptions":[{"lang":"en","value":"Server-Side Request Forgery (SSRF) vulnerability in Montonio Montonio for WooCommerce, Wpopal Wpopal Core Features, AMO for WP – Membership Management ArcStone wp-amo, Long Watch Studio WooVirtualWallet – A virtual wallet for WooCommerce, Long Watch Studio WooVIP – Membership plugin for WordPress and WooCommerce, Long Watch Studio WooSupply – Suppliers, Supply Orders and Stock Management, Squidesma Theme Minifier, Paul Clark Styles styles, Designmodo Inc. WordPress Page Builder – Qards, Philip M. Hofer (Frumph) PHPFreeChat, Arun Basil Lal Custom Login Admin Front-end CSS, Team Agence-Press CSS Adder By Agence-Press, Unihost Confirm Data, deano1987 AMP Toolbox amp-toolbox, Arun Basil Lal Admin CSS MU.This issue affects Montonio for WooCommerce: from n/a through 6.0.1; Wpopal Core Features: from n/a through 1.5.8; ArcStone: from n/a through 4.6.6; WooVirtualWallet – A virtual wallet for WooCommerce: from n/a through 2.2.1; WooVIP – Membership plugin for WordPress and WooCommerce: from n/a through 1.4.4; WooSupply – Suppliers, Supply Orders and Stock Management: from n/a through 1.2.2; Theme Minifier: from n/a through 2.0; Styles: from n/a through 1.2.3; WordPress Page Builder – Qards: from n/a through 1.0.5; PHPFreeChat: from n/a through 0.2.8; Custom Login Admin Front-end CSS: from n/a through 1.4.1; CSS Adder By Agence-Press: from n/a through 1.5.0; Confirm Data: from n/a through 1.0.7; AMP Toolbox: from n/a through 2.1.1; Admin CSS MU: from n/a through 2.6."},{"lang":"es","value":"Vulnerabilidad de  Server-Side Request Forgery (SSRF) en Montonio Montonio para WooCommerce, Wpopal Funciones principales de Wpopal, AMO para WP – Gestión de membresía ArcStone wp-amo, Long Watch Studio WooVirtualWallet – Una billetera virtual para WooCommerce, Long Watch Studio WooVIP – Complemento de membresía para WordPress y WooCommerce, Long Watch Studio WooSupply: proveedores, pedidos de suministro y gestión de existencias, Squidesma Theme Minifier, estilos Paul Clark Styles, Designmodo Inc. Creador de páginas de WordPress: Qards, Philip M. Hofer (Frumph) PHPFreeChat, Arun Basil Lal Administrador de inicio de sesión personalizado CSS front-end, Team Agence-Press CSS Adder de Agence-Press, Unihost Confirm Data, deano1987 AMP Toolbox amp-toolbox, Arun Basil Lal Admin CSS MU. Este problema afecta a Montonio para WooCommerce: desde n/a hasta 6.0.1; Funciones principales de Wpopal: desde n/a hasta 1.5.8; ArcStone: desde n/a hasta 4.6.6; WooVirtualWallet: una billetera virtual para WooCommerce: desde n/a hasta 2.2.1; WooVIP: complemento de membresía para WordPress y WooCommerce: desde n/a hasta 1.4.4; WooSupply – Proveedores, pedidos de suministro y gestión de existencias: desde n/a hasta 1.2.2; Minificador de temas: desde n/a hasta 2.0; Estilos: desde n/a hasta 1.2.3; Creador de páginas de WordPress – Qards: desde n/a hasta 1.0.5; PHPFreeChat: desde n/a hasta 0.2.8; CSS de front-end de administrador de inicio de sesión personalizado: desde n/a hasta 1.4.1; Complemento CSS de Agence-Press: desde n/a hasta 1.5.0; Confirmar datos: desde n/a hasta 1.0.7; Caja de herramientas AMP: desde n/a hasta 2.1.1; Administrador CSS MU: desde n/a hasta 2.6."}],"affected":[{"source":"audit@patchstack.com","affectedData":[{"vendor":"Montonio","product":"Montonio for WooCommerce","defaultStatus":"unaffected","collectionURL":"https://wordpress.org/plugins","packageName":"montonio-for-woocommerce","versions":[{"version":"n/a","lessThanOrEqual":"6.0.1","versionType":"custom","status":"affected","changes":[{"at":"6.0.2","status":"unaffected"}]}]},{"vendor":"Wpopal","product":"Wpopal Core Features","defaultStatus":"unaffected","collectionURL":"https://wordpress.org/plugins","packageName":"wpopal-core-features","versions":[{"version":"n/a","lessThanOrEqual":"1.5.8","versionType":"custom","status":"affected"}]},{"vendor":"AMO for WP – Membership Management","product":"ArcStone","defaultStatus":"unaffected","collectionURL":"https://wordpress.org/plugins","packageName":"wp-amo","versions":[{"version":"n/a","lessThanOrEqual":"4.6.6","versionType":"custom","status":"affected"}]},{"vendor":"Long Watch Studio","product":"WooVirtualWallet – A virtual wallet for WooCommerce","defaultStatus":"unaffected","collectionURL":"https://wordpress.org/plugins","packageName":"woovirtualwallet","versions":[{"version":"n/a","lessThanOrEqual":"2.2.1","versionType":"custom","status":"affected"}]},{"vendor":"Long Watch Studio","product":"WooVIP – Membership plugin for WordPress and WooCommerce","defaultStatus":"unaffected","collectionURL":"https://wordpress.org/plugins","packageName":"woovip","versions":[{"version":"n/a","lessThanOrEqual":"1.4.4","versionType":"custom","status":"affected"}]},{"vendor":"Long Watch Studio","product":"WooSupply – Suppliers, Supply Orders and Stock Management","defaultStatus":"unaffected","collectionURL":"https://wordpress.org/plugins","packageName":"woosupply","versions":[{"version":"n/a","lessThanOrEqual":"1.2.2","versionType":"custom","status":"affected"}]},{"vendor":"Squidesma","product":"Theme Minifier","defaultStatus":"unaffected","collectionURL":"https://wordpress.org/plugins","packageName":"theme-minifier","versions":[{"version":"n/a","lessThanOrEqual":"2.0","versionType":"custom","status":"affected"}]},{"vendor":"Paul Clark","product":"Styles","defaultStatus":"unaffected","collectionURL":"https://wordpress.org/plugins","packageName":"styles","versions":[{"version":"n/a","lessThanOrEqual":"1.2.3","versionType":"custom","status":"affected"}]},{"vendor":"Designmodo Inc.","product":"WordPress Page Builder – Qards","defaultStatus":"unaffected","collectionURL":"https://wordpress.org/plugins","packageName":"qards-free","versions":[{"version":"n/a","lessThanOrEqual":"1.0.5","versionType":"custom","status":"affected"}]},{"vendor":"Philip M. Hofer (Frumph)","product":"PHPFreeChat","defaultStatus":"unaffected","collectionURL":"https://wordpress.org/plugins","packageName":"phpfreechat","versions":[{"version":"n/a","lessThanOrEqual":"0.2.8","versionType":"custom","status":"affected"}]},{"vendor":"Arun Basil Lal","product":"Custom Login Admin Front-end CSS","defaultStatus":"unaffected","collectionURL":"https://wordpress.org/plugins","packageName":"custom-login-admin-front-end-css-with-multisite-support","versions":[{"version":"n/a","lessThanOrEqual":"1.4.1","versionType":"custom","status":"affected","changes":[{"at":"1.5","status":"unaffected"}]}]},{"vendor":"Team Agence-Press","product":"CSS Adder By Agence-Press","defaultStatus":"unaffected","collectionURL":"https://wordpress.org/plugins","packageName":"css-adder-by-agence-press","versions":[{"version":"n/a","lessThanOrEqual":"1.5.0","versionType":"custom","status":"affected"}]},{"vendor":"Unihost","product":"Confirm Data","defaultStatus":"unaffected","collectionURL":"https://wordpress.org/plugins","packageName":"confirm-data","versions":[{"version":"n/a","lessThanOrEqual":"1.0.7","versionType":"custom","status":"affected"}]},{"vendor":"deano1987","product":"AMP Toolbox","defaultStatus":"unaffected","collectionURL":"https://wordpress.org/plugins","packageName":"amp-toolbox","versions":[{"version":"n/a","lessThanOrEqual":"2.1.1","versionType":"custom","status":"affected"}]},{"vendor":"Arun Basil Lal","product":"Admin CSS MU","defaultStatus":"unaffected","collectionURL":"https://wordpress.org/plugins","packageName":"admin-css-mu","versions":[{"version":"n/a","lessThanOrEqual":"2.6","versionType":"custom","status":"affected","changes":[{"at":"2.7","status":"unaffected"}]}]}]}],"metrics":{"cvssMetricV31":[{"source":"audit@patchstack.com","type":"Secondary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:L/A:N","baseScore":8.2,"baseSeverity":"HIGH","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"NONE","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"HIGH","integrityImpact":"LOW","availabilityImpact":"NONE"},"exploitabilityScore":3.9,"impactScore":4.2},{"source":"nvd@nist.gov","type":"Primary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H","baseScore":9.8,"baseSeverity":"CRITICAL","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"NONE","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"HIGH","integrityImpact":"HIGH","availabilityImpact":"HIGH"},"exploitabilityScore":3.9,"impactScore":5.9}],"ssvcV203":[{"source":"134c704f-9b21-4f2e-91b3-4a467353bcc0","ssvcData":{"timestamp":"2024-11-13T17:39:55.482326Z","id":"CVE-2022-40700","options":[{"exploitation":"none"},{"automatable":"yes"},{"technicalImpact":"total"}],"role":"CISA Coordinator","version":"2.0.3"}}]},"weaknesses":[{"source":"audit@patchstack.com","type":"Secondary","description":[{"lang":"en","value":"CWE-918"}]}],"configurations":[{"nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:a:millionclues:admin_css_mu:*:*:*:*:*:wordpress:*:*","versionEndIncluding":"2.6","matchCriteriaId":"43821B34-AEAD-4521-B37C-07314D2848A5"}]}]},{"nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:a:deano:amp_toolbox:*:*:*:*:*:wordpress:*:*","versionEndIncluding":"2.1.1","matchCriteriaId":"F3BD4E77-8EE1-4F83-A080-A82E9EAC6A36"}]}]},{"nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:a:unihost:confirm_data:*:*:*:*:*:wordpress:*:*","versionEndIncluding":"1.0.7","matchCriteriaId":"775615D7-1183-44BD-8E13-B18CC3F037B7"}]}]},{"nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:a:agence-press:css_adder:*:*:*:*:*:wordpress:*:*","versionEndIncluding":"1.5.0","matchCriteriaId":"78AA1D24-7A86-41D5-A9E4-3CF586D91F52"}]}]},{"nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:a:millionclues:custom_login_admin_front-end_css:*:*:*:*:*:wordpress:*:*","versionEndIncluding":"1.4.1","matchCriteriaId":"672D8FBE-F144-4BAF-B780-8234BB2D83D7"}]}]},{"nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:a:montonio:montonio_for_woocommerce:*:*:*:*:*:wordpress:*:*","versionEndIncluding":"6.0.1","matchCriteriaId":"1A46D97F-01EA-43A4-AD82-1552112A2B82"}]}]},{"nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:a:frumph:phpfreechat:*:*:*:*:*:wordpress:*:*","versionEndIncluding":"0.2.8","matchCriteriaId":"555CCA86-7B43-4F8D-9A71-3A92D34A8F43"}]}]},{"nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:a:designmodo:qards:*:*:*:*:*:wordpress:*:*","versionEndIncluding":"1.0.5","matchCriteriaId":"054FCFA2-C643-441A-8D13-233980433E88"}]}]},{"nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:a:paulclark:styles:*:*:*:*:*:wordpress:*:*","versionEndIncluding":"1.2.3","matchCriteriaId":"C4AF8EAE-53F6-4958-88AB-7DCEBCDFADF9"}]}]},{"nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:a:squidesma:theme_minifier:*:*:*:*:*:wordpress:*:*","versionEndIncluding":"2.0","matchCriteriaId":"5ADA61B8-B05E-4608-B331-80769EADB458"}]}]},{"nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:a:longwatchstudio:woosupply:*:*:*:*:*:wordpress:*:*","versionEndIncluding":"1.2.2","matchCriteriaId":"15F0C47E-D2B5-47A8-BD7E-592439EF2745"},{"vulnerable":true,"criteria":"cpe:2.3:a:longwatchstudio:woovip:*:*:*:*:*:wordpress:*:*","versionEndIncluding":"1.4.4","matchCriteriaId":"D12B6939-0446-4C32-AA43-CE3D0052B9ED"},{"vulnerable":true,"criteria":"cpe:2.3:a:longwatchstudio:woovirtualwallet:*:*:*:*:*:wordpress:*:*","versionEndIncluding":"2.2.1","matchCriteriaId":"EA71FDDC-0142-450E-9F0B-4609171BBE09"}]}]},{"nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:a:arcstone:amo_for_wp_-_membership_management:*:*:*:*:*:wordpress:*:*","versionEndIncluding":"4.6.6","matchCriteriaId":"B893F859-596C-45AD-BE84-BE9FE35B2626"}]}]},{"nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:a:wpopal:wpopal_core_features:*:*:*:*:*:wordpress:*:*","versionEndIncluding":"1.5.8","matchCriteriaId":"E4720CB3-42E0-46B2-A74F-E118C427C44A"}]}]}],"references":[{"url":"https://patchstack.com/database/vulnerability/admin-css-mu/wordpress-admin-css-mu-plugin-2-6-server-side-request-forgery-ssrf-vulnerability?_s_id=cve","source":"audit@patchstack.com","tags":["Third Party Advisory"]},{"url":"https://patchstack.com/database/vulnerability/amp-toolbox/wordpress-amp-toolbox-plugin-2-1-1-server-side-request-forgery-ssrf?_s_id=cve","source":"audit@patchstack.com","tags":["Third Party Advisory"]},{"url":"https://patchstack.com/database/vulnerability/confirm-data/wordpress-confirm-data-plugin-1-0-7-unauth-server-side-request-forgery-ssrf-vulnerability?_s_id=cve","source":"audit@patchstack.com","tags":["Third Party Advisory"]},{"url":"https://patchstack.com/database/vulnerability/css-adder-by-agence-press/wordpress-css-adder-by-agene-press-plugin-1-5-0-server-side-request-forgery-ssrf?_s_id=cve","source":"audit@patchstack.com","tags":["Third Party Advisory"]},{"url":"https://patchstack.com/database/vulnerability/custom-login-admin-front-end-css-with-multisite-support/wordpress-custom-login-admin-front-end-css-plugin-1-4-1-server-side-request-forgery-ssrf?_s_id=cve","source":"audit@patchstack.com","tags":["Third Party Advisory"]},{"url":"https://patchstack.com/database/vulnerability/montonio-for-woocommerce/wordpress-montonio-for-woocommerce-plugin-6-0-1-server-side-request-forgery-ssrf?_s_id=cve","source":"audit@patchstack.com","tags":["Third Party Advisory"]},{"url":"https://patchstack.com/database/vulnerability/phpfreechat/wordpress-phpfreechat-plugin-0-2-8-server-side-request-forgery-ssrf?_s_id=cve","source":"audit@patchstack.com","tags":["Third Party Advisory"]},{"url":"https://patchstack.com/database/vulnerability/qards-free/wordpress-wordpress-page-builder-qards-plugin-1-0-5-server-side-request-forgery-ssrf?_s_id=cve","source":"audit@patchstack.com","tags":["Third Party Advisory"]},{"url":"https://patchstack.com/database/vulnerability/styles/wordpress-styles-plugin-1-2-3-server-side-request-forgery-ssrf?_s_id=cve","source":"audit@patchstack.com","tags":["Third Party Advisory"]},{"url":"https://patchstack.com/database/vulnerability/theme-minifier/wordpress-theme-minifier-plugin-2-0-server-side-request-forgery-ssrf?_s_id=cve","source":"audit@patchstack.com","tags":["Third Party Advisory"]},{"url":"https://patchstack.com/database/vulnerability/woosupply/wordpress-woosupply-plugin-1-2-2-server-side-request-forgery-ssrf?_s_id=cve","source":"audit@patchstack.com","tags":["Third Party Advisory"]},{"url":"https://patchstack.com/database/vulnerability/woovip/wordpress-woovip-plugin-1-4-4-server-side-request-forgery-ssrf?_s_id=cve","source":"audit@patchstack.com","tags":["Third Party Advisory"]},{"url":"https://patchstack.com/database/vulnerability/woovirtualwallet/wordpress-woovirtualwallet-plugin-2-2-1-server-side-request-forgery-ssrf?_s_id=cve","source":"audit@patchstack.com","tags":["Third Party Advisory"]},{"url":"https://patchstack.com/database/vulnerability/wp-amo/wordpress-amo-for-wp-plugin-4-6-6-server-side-request-forgery-ssrf?_s_id=cve","source":"audit@patchstack.com","tags":["Third Party Advisory"]},{"url":"https://patchstack.com/database/vulnerability/wpopal-core-features/wordpress-wpopal-core-features-plugin-1-5-7-server-side-request-forgery-ssrf?_s_id=cve","source":"audit@patchstack.com","tags":["Third Party Advisory"]},{"url":"https://patchstack.com/database/vulnerability/admin-css-mu/wordpress-admin-css-mu-plugin-2-6-server-side-request-forgery-ssrf-vulnerability?_s_id=cve","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Third Party Advisory"]},{"url":"https://patchstack.com/database/vulnerability/amp-toolbox/wordpress-amp-toolbox-plugin-2-1-1-server-side-request-forgery-ssrf?_s_id=cve","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Third Party Advisory"]},{"url":"https://patchstack.com/database/vulnerability/confirm-data/wordpress-confirm-data-plugin-1-0-7-unauth-server-side-request-forgery-ssrf-vulnerability?_s_id=cve","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Third Party Advisory"]},{"url":"https://patchstack.com/database/vulnerability/css-adder-by-agence-press/wordpress-css-adder-by-agene-press-plugin-1-5-0-server-side-request-forgery-ssrf?_s_id=cve","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Third Party Advisory"]},{"url":"https://patchstack.com/database/vulnerability/custom-login-admin-front-end-css-with-multisite-support/wordpress-custom-login-admin-front-end-css-plugin-1-4-1-server-side-request-forgery-ssrf?_s_id=cve","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Third Party Advisory"]},{"url":"https://patchstack.com/database/vulnerability/montonio-for-woocommerce/wordpress-montonio-for-woocommerce-plugin-6-0-1-server-side-request-forgery-ssrf?_s_id=cve","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Third Party Advisory"]},{"url":"https://patchstack.com/database/vulnerability/phpfreechat/wordpress-phpfreechat-plugin-0-2-8-server-side-request-forgery-ssrf?_s_id=cve","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Third Party Advisory"]},{"url":"https://patchstack.com/database/vulnerability/qards-free/wordpress-wordpress-page-builder-qards-plugin-1-0-5-server-side-request-forgery-ssrf?_s_id=cve","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Third Party Advisory"]},{"url":"https://patchstack.com/database/vulnerability/styles/wordpress-styles-plugin-1-2-3-server-side-request-forgery-ssrf?_s_id=cve","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Third Party Advisory"]},{"url":"https://patchstack.com/database/vulnerability/theme-minifier/wordpress-theme-minifier-plugin-2-0-server-side-request-forgery-ssrf?_s_id=cve","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Third Party Advisory"]},{"url":"https://patchstack.com/database/vulnerability/woosupply/wordpress-woosupply-plugin-1-2-2-server-side-request-forgery-ssrf?_s_id=cve","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Third Party Advisory"]},{"url":"https://patchstack.com/database/vulnerability/woovip/wordpress-woovip-plugin-1-4-4-server-side-request-forgery-ssrf?_s_id=cve","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Third Party Advisory"]},{"url":"https://patchstack.com/database/vulnerability/woovirtualwallet/wordpress-woovirtualwallet-plugin-2-2-1-server-side-request-forgery-ssrf?_s_id=cve","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Third Party Advisory"]},{"url":"https://patchstack.com/database/vulnerability/wp-amo/wordpress-amo-for-wp-plugin-4-6-6-server-side-request-forgery-ssrf?_s_id=cve","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Third Party Advisory"]},{"url":"https://patchstack.com/database/vulnerability/wpopal-core-features/wordpress-wpopal-core-features-plugin-1-5-7-server-side-request-forgery-ssrf?_s_id=cve","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Third Party Advisory"]}]}}]}