Vulnerability Description
The Woo Billingo Plus WordPress plugin before 4.4.5.4, Integration for Billingo & Gravity Forms WordPress plugin before 1.0.4, Integration for Szamlazz.hu & Gravity Forms WordPress plugin before 1.2.7 are lacking CSRF checks in various AJAX actions, which could allow attackers to make logged in Shop Managers and above perform unwanted actions, such as deactivate the plugin's license
CVSS Score
HIGH
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Woo Billingo Plus Project | Woo Billingo Plus | < 4.4.5.4 |
| Integration For Billingo \& Gravity Forms Project | Integration For Billingo \& Gravity Forms | < 1.0.4 |
| Integration For Szamlazz.Hu \& Gravity Forms Project | Integration For Szamlazz.Hu \& Gravity Forms | < 1.2.7 |
Related Weaknesses (CWE)
References
- https://wpscan.com/vulnerability/cda978b2-b31f-495d-8601-0aaa3e4b45cdExploitThird Party Advisory
- https://wpscan.com/vulnerability/cda978b2-b31f-495d-8601-0aaa3e4b45cdExploitThird Party Advisory
FAQ
What is CVE-2022-3154?
CVE-2022-3154 is a vulnerability with a CVSS score of 7.1 (HIGH). The Woo Billingo Plus WordPress plugin before 4.4.5.4, Integration for Billingo & Gravity Forms WordPress plugin before 1.0.4, Integration for Szamlazz.hu & Gravity Forms WordPress plugin before 1.2.7...
How severe is CVE-2022-3154?
CVE-2022-3154 has been rated HIGH with a CVSS base score of 7.1/10. Review the CVSS metrics above for detailed severity breakdown.
Is there a patch for CVE-2022-3154?
Check the references section above for vendor advisories and patch information. Affected products include: Woo Billingo Plus Project Woo Billingo Plus, Integration For Billingo \& Gravity Forms Project Integration For Billingo \& Gravity Forms, Integration For Szamlazz.Hu \& Gravity Forms Project Integration For Szamlazz.Hu \& Gravity Forms.