MidnightBSD

Advisories for integration_for_szamlazz.hu_&_gravity_forms_project

CVE-2022-3154

The Woo Billingo Plus WordPress plugin before 4.4.5.4, the Integration for Billingo & Gravity Forms WordPress plugin before 1.0.4, and the Integration for Szamlazz.hu & Gravity Forms WordPress plugin before 1.2.7 lack CSRF checks in various AJAX actions, which could allow attackers to make logged-in Shop Managers and above perform unwanted actions, such as deactivating the plugin's license.

CVSS 3.x

| Source | Score | Severity | Vector | Exploitability | Impact |
|---|---|---|---|---|---|
| nvd@nist.gov | 7.1 | HIGH | CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:H/A:L | 2.8 | 4.2 |

Products Affected

| Vendor | Product | Version |
|---|---|---|
| woo_billingo_plus_project | woo_billingo_plus | * |
| integration_for_szamlazz.hu_&_gravity_forms_project | integration_for_szamlazz.hu_&_gravity_forms | * |
| integration_for_billingo_&_gravity_forms_project | integration_for_billingo_&_gravity_forms | * |