CVE-2022-4888

  1. OpenCVE
  2. Vulnerabilities (CVE)
  3. CVE-2022-4888
The Checkout Fields Manager WordPress plugin before 1.0.2, Abandoned Cart Recovery WordPress plugin before 1.2.5, Custom Fields for WooCommerce WordPress plugin before 1.0.4, Custom Order Number WordPress plugin through 1.0.1, Custom Registration Forms Builder WordPress plugin before 1.0.2, Advanced Free Gifts WordPress plugin before 1.0.2, Gift Registry for WooCommerce WordPress plugin through 1.0.1, Image Watermark for WooCommerce WordPress plugin before 1.0.1, Order Approval for WooCommerce WordPress plugin before 1.1.0, Order Tracking for WooCommerce WordPress plugin before 1.0.2, Price Calculator for WooCommerce WordPress plugin through 1.0.3, Product Dynamic Pricing and Discounts WordPress plugin through 1.0.6, Product Labels and Stickers WordPress plugin through 1.0.1 have flawed CSRF checks in various places, which could allow attackers to make logged in users perform unwanted actions

6.5 /10

CVSS v3 : MEDIUM

V3 Legend

Vector :

Exploitability : 2.8 / Impact : 3.6

Attack Vector NETWORK

Attack Complexity LOW

Privileges Required NONE

User Interaction REQUIRED

Confidentiality Impact NONE

Integrity Impact HIGH

Availability Impact NONE

Scope UNCHANGED

References
Link Resource
https://wpscan.com/vulnerability/2c2379d0-e373-4587-a747-429d7ee8f6cc Exploit Third Party Advisory
https://wpscan.com/vulnerability/2c2379d0-e373-4587-a747-429d7ee8f6cc Exploit Third Party Advisory
Configurations

Configuration 1 (hide)

OR cpe:2.3:a:addify:abandoned_cart_recovery:*:*:*:*:*:wordpress:*:*
cpe:2.3:a:addify:advanced_free_gifts:*:*:*:*:*:wordpress:*:*
cpe:2.3:a:addify:checkout_fields_manager:*:*:*:*:*:wordpress:*:*
cpe:2.3:a:addify:custom_fields_for_woocommerce:*:*:*:*:*:wordpress:*:*
cpe:2.3:a:addify:custom_order_number:*:*:*:*:*:wordpress:*:*
cpe:2.3:a:addify:custom_registration_forms_builder:*:*:*:*:*:wordpress:*:*
cpe:2.3:a:addify:gift_registry_for_woocommerce:*:*:*:*:*:wordpress:*:*
cpe:2.3:a:addify:image_watermark_for_woocommerce:*:*:*:*:*:wordpress:*:*
cpe:2.3:a:addify:order_approval_for_woocommerce:*:*:*:*:*:wordpress:*:*
cpe:2.3:a:addify:order_tracking_for_woocommerce:*:*:*:*:*:wordpress:*:*
History

21 Nov 2024, 07:36

Type Values Removed Values Added
References () https://wpscan.com/vulnerability/2c2379d0-e373-4587-a747-429d7ee8f6cc - Exploit, Third Party Advisory () https://wpscan.com/vulnerability/2c2379d0-e373-4587-a747-429d7ee8f6cc - Exploit, Third Party Advisory

07 Nov 2023, 03:59

Type Values Removed Values Added
CWE CWE-352

04 Aug 2023, 17:26

Type Values Removed Values Added
First Time Addify checkout Fields Manager
Addify order Approval For Woocommerce
Addify
Addify order Tracking For Woocommerce
Addify advanced Free Gifts
Addify custom Order Number
Addify image Watermark For Woocommerce
Addify custom Registration Forms Builder
Addify custom Fields For Woocommerce
Addify abandoned Cart Recovery
Addify gift Registry For Woocommerce
References (MISC) https://wpscan.com/vulnerability/2c2379d0-e373-4587-a747-429d7ee8f6cc - (MISC) https://wpscan.com/vulnerability/2c2379d0-e373-4587-a747-429d7ee8f6cc - Exploit, Third Party Advisory
CVSS v2 : unknown
v3 : unknown 		v2 : unknown
v3 : 6.5
CPE cpe:2.3:a:addify:order_tracking_for_woocommerce:*:*:*:*:*:wordpress:*:*
cpe:2.3:a:addify:custom_order_number:*:*:*:*:*:wordpress:*:*
cpe:2.3:a:addify:checkout_fields_manager:*:*:*:*:*:wordpress:*:*
cpe:2.3:a:addify:order_approval_for_woocommerce:*:*:*:*:*:wordpress:*:*
cpe:2.3:a:addify:abandoned_cart_recovery:*:*:*:*:*:wordpress:*:*
cpe:2.3:a:addify:image_watermark_for_woocommerce:*:*:*:*:*:wordpress:*:*
cpe:2.3:a:addify:gift_registry_for_woocommerce:*:*:*:*:*:wordpress:*:*
cpe:2.3:a:addify:custom_registration_forms_builder:*:*:*:*:*:wordpress:*:*
cpe:2.3:a:addify:custom_fields_for_woocommerce:*:*:*:*:*:wordpress:*:*
cpe:2.3:a:addify:advanced_free_gifts:*:*:*:*:*:wordpress:*:*

31 Jul 2023, 10:15

Type Values Removed Values Added
New CVE
Information

Published : 2023-07-31 10:15

Updated : 2024-11-21 07:36

NVD link : CVE-2022-4888

Mitre link : CVE-2022-4888

CVE.ORG link : CVE-2022-4888

JSON object : View

Products Affected

addify

  • checkout_fields_manager
  • custom_order_number
  • gift_registry_for_woocommerce
  • order_tracking_for_woocommerce
  • custom_registration_forms_builder
  • abandoned_cart_recovery
  • advanced_free_gifts
  • custom_fields_for_woocommerce
  • image_watermark_for_woocommerce
  • order_approval_for_woocommerce
CWE

No CWE.


NetmanageIT Website NetmanageIT OSINT Web NetmanageIT OpenCTI NetmanageIT PDF Tools NetmanageIT CTO Corner Blog NetmanageIT Email Header Analyzer NetmanageIT Password Pusher NetmanageIT Internet Health and Latency Dashboard NetmanageIT Dedicated Speed Test Site NetmanageIT Ubuntu Mirror 10Gbps Copyright OpenCVE 2024