


➠ CVE-2022-2556 | Mailchimp for WooCommerce Plugin up to 2.7.1 on WordPress POST Request server-side request forgery

A vulnerability has been found in Mailchimp for WooCommerce Plugin up to 2.7.1 and classified as critical. Affected by this vulnerability is an unknown functionality of the component POST Request Handler. The manipulation leads to server-side request forgery. This vulnerability is known as CVE-2022-2556. The attack can be launched remotely. There is no exploit available. It is recommended to upgrade the affected component....


➦ Vulnerabilities / Exploits ☆ vuldb.com


➤ Similar posts for 'CVE-2022-2556 | Mailchimp for WooCommerce Plugin up to 2.7.1 on WordPress POST Request server-side request forgery'

XSS in the class meta-box

4506.88 points
The customer note in the meta-box is not adequately escaped to prevent an XSS attack. This vulnerability affects the following application versions: WooCommerce 2.2.0 WooCommerce 2.2.0-RC1 WooCommerce 2.2

XSS in meta box order data

4472.12 points
Some variables are not properly escaped to prevent an XSS attack. This vulnerability affects the following application versions: WooCommerce 2.2.0 WooCommerce 2.2.0-RC1 WooCommerce 2.2.1

XSS in WC-Cart

4356.27 points
The WC-cart is not properly sanitized to prevent object injection. This vulnerability affects the following application versions: WooCommerce 2.1.0 WooCommerce 2.1.0-RC1 WooCommerce 2.1.0-RC2

Path traversal in admin importers

3927.59 points
The CSV and TXT importers of taxes and products are not properly checked against path traversal attacks. This vulnerability affects the following application versions: WooCommerce 2.3.0 WooCommerce 2.3.0-RC1

SQL injection in the taxes API

3742.22 points
The API taxes are not properly escaped to prevent an SQL injection. This vulnerability affects the following application versions: WooCommerce 2.5.0 WooCommerce 2.5.0-RC1 WooCommerce 2.5.0-RC2

XSS in metabox customer note field

3510.5 points
Some variables in the customer note field are not properly escaped to prevent an XSS attack. This vulnerability affects the following application versions: WooCommerce 3.3.0 WooCommerce 3.3.0-rc.1 WooCommerce 3.3

Incorrect permissions at the REST API endpoint

3093.41 points
The REST API endpoint is not checked properly for permissions. This vulnerability affects the following application versions: WooCommerce 3.7.0 WooCommerce 3.7.0-beta.1 WooCommerce 3.7

Incorrect session handling

2989.14 points
The session is not properly checked if it is expired or belongs to a logged-out user. This vulnerability affects the following application versions: WooCommerce 3.3.0 WooCommerce 3.3.0-rc.2 WooCommerce 3.3

Escaping added to templates and classes and usage of absolute paths to prevent XSS

2826.94 points
Several elements and paths weren't properly sanitized against XSS. This vulnerability affects the following application versions: WooCommerce 2.1.0 WooCommerce 2.1.0-RC1 WooCommerce 2.1.0-RC2

Permission check for reviews in v1 & v2 REST API

2699.49 points
Missing boolean checks before the permission check can lead to users having wrong permissions. This vulnerability affects the following application versions: WooCommerce 3.5.0 WooCommerce 3.5.0-beta.1 WooCommerce 3.5

XSS in various modules

2502.54 points
Some addons of WooCommerce are not properly escaped to prevent XSS attacks. This vulnerability affects the following application versions: WooCommerce 3.7.0 WooCommerce 3.7.0-beta.1 WooCommerce 3.7.0
