The Woo Billingo Plus WordPress plugin before 4.4.5.4, Integration for Billingo & Gravity Forms WordPress plugin before 1.0.4, Integration for Szamlazz.hu & Gravity Forms WordPress plugin before 1.2.7 are lacking CSRF checks in various AJAX actions, which could allow attackers to make logged in Shop Managers and above perform unwanted actions, such as deactivate the plugin's license
Metrics
Affected Vendors & Products
References
History
No history.
MITRE
Status: PUBLISHED
Assigner: WPScan
Published: 2022-10-10T00:00:00
Updated: 2024-08-03T01:00:10.538Z
Reserved: 2022-09-07T00:00:00
Link: CVE-2022-3154
Vulnrichment
No data.
NVD
Status : Modified
Published: 2022-10-10T21:15:11.510
Modified: 2024-11-21T07:18:56.397
Link: CVE-2022-3154
Redhat
No data.