CVE-2022-40700

8.2 HIGH

📋 TL;DR

This CVE covers a Server-Side Request Forgery (SSRF) weakness present in multiple WordPress plugins and themes. An attacker can make the vulnerable site's server issue HTTP requests to destinations of the attacker's choosing, including internal hosts that are not reachable from the internet. Sites running any of the listed plugins or themes at an affected version are exposed.

💻 Affected Systems

Products and affected versions (each product is vulnerable in versions up to the one listed):
  • Montonio for WooCommerce: up to 6.0.1
  • Wpopal Core Features: up to 1.5.8
  • ArcStone wp-amo: up to 4.6.6
  • WooVirtualWallet: up to 2.2.1
  • WooVIP: up to 1.4.4
  • WooSupply: up to 1.2.2
  • Theme Minifier: up to 2.0
  • Styles: up to 1.2.3
  • WordPress Page Builder - Qards: up to 1.0.5
  • PHPFreeChat: up to 0.2.8
  • Custom Login Admin Front-end CSS: up to 1.4.1
  • CSS Adder By Agence-Press: up to 1.5.0
  • Confirm Data: up to 1.0.7
  • AMP Toolbox: up to 2.1.1
  • Admin CSS MU: up to 2.6
Operating Systems: All operating systems running WordPress
Default Config Vulnerable: ⚠️ Yes
Notes: All listed WordPress plugins and themes are vulnerable in their default configurations. The vulnerability affects multiple unrelated products.

📦 What is this software?

⚠️ Risk & Real-World Impact

🔴

Worst Case

Attackers could access internal services, exfiltrate sensitive data, perform port scanning of internal networks, or chain with other vulnerabilities to achieve remote code execution.

🟠

Likely Case

Unauthorized access to internal services, data exfiltration from internal systems, or using the vulnerable server as a proxy for attacks against other systems.

🟢

If Mitigated

Limited impact if egress from the web server is restricted to the hosts it actually needs and internal services are segmented away from it; the vulnerability itself remains until the affected plugin or theme is updated or removed.

🌐 Internet-Facing: HIGH
🏢 Internal Only: MEDIUM

🎯 Exploit Status

Public PoC: ✅ No
Weaponized: UNKNOWN
Unauthenticated Exploit: ⚠️ Yes
Complexity: LOW

Based on CWE-918 and CVSS 8.2, exploitation is likely straightforward. Some references indicate unauthenticated exploitation is possible.

🛠️ Fix & Mitigation

✅ Official Fix

Patch Version: Varies by product - check individual vendor advisories

Vendor Advisory: See provided Patchstack references for each affected product

Restart Required: No

Instructions:

1. Identify which of the affected plugins/themes are installed.
2. Check for plugin/theme updates in the WordPress admin panel or with wp-cli.
3. Update each affected product to its latest version.
4. Verify that the installed version is above the affected range listed for that product.

🔧 Temporary Workarounds

Disable affected plugins/themes

all

Deactivate vulnerable plugins until patches can be applied. A theme cannot be deactivated on its own: switch the site to an unaffected theme instead. Deactivation only stops WordPress from loading the code; if the vulnerable logic lives in a PHP file that can be requested directly, it stays reachable until the plugin or theme is deleted. wp-cli takes slugs, not display names.

wp plugin deactivate <plugin-slug>
wp theme activate <unaffected-theme-slug>
wp plugin delete <plugin-slug>
wp theme delete <theme-slug>

Network restrictions

linux

Restrict where the web server process may connect. SSRF requests are issued by the web server/PHP user, so reject that user's connections to loopback, link-local (cloud metadata at 169.254.169.254) and RFC 1918 ranges rather than dropping all outbound 80/443, which would also break plugin updates and legitimate outbound integrations. The rules below assume the PHP process runs as www-data (Debian/Ubuntu default; adjust for your distribution). Insert ACCEPT rules for the database, cache and other internal hosts the site legitimately uses ahead of these, and if you also block 127.0.0.0/8, test WP-Cron and the Site Health loopback check afterwards.

iptables -A OUTPUT -m owner --uid-owner www-data -d 169.254.169.254 -j REJECT
iptables -A OUTPUT -m owner --uid-owner www-data -d 10.0.0.0/8 -j REJECT
iptables -A OUTPUT -m owner --uid-owner www-data -d 172.16.0.0/12 -j REJECT
iptables -A OUTPUT -m owner --uid-owner www-data -d 192.168.0.0/16 -j REJECT

🧯 If You Can't Patch

  • Remove affected plugins/themes completely from production systems
  • Add web application firewall rules that reject request parameters carrying URLs or hosts that point at loopback, link-local/metadata or private addresses; treat this as a stopgap only, since decimal/hex-encoded addresses, DNS names that resolve to internal hosts and open redirects routinely bypass pattern matching

🔍 How to Verify

Check if Vulnerable:

Check WordPress admin panel for installed plugins/themes and compare with affected list

Check Version:

wp plugin list --fields=name,version --format=csv
wp theme list --fields=name,version --format=csv

Verify Fix Applied:

Verify plugin/theme versions are updated beyond vulnerable versions listed
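The check above can be scripted so the same comparison is repeated after every update. The following is an added example written for this page, not code from any of the listed vendors or from Patchstack. It compares a wp-cli CSV dump against the affected list. Assumptions: the versions in the Affected Systems section are inclusive upper bounds (confirm per product against the Patchstack advisory), the `title` field of `wp plugin list` matches the product names used on this page, and the CSV below is constructed sample data rather than output from a real site.

```python
import csv
import io
import sys

# Highest vulnerable version per product, copied from the Affected Systems list
# above. Treated here as an inclusive upper bound (assumption: confirm against
# the Patchstack advisory for each product).
AFFECTED = {
    "Montonio for WooCommerce": "6.0.1",
    "Wpopal Core Features": "1.5.8",
    "ArcStone wp-amo": "4.6.6",
    "WooVirtualWallet": "2.2.1",
    "WooVIP": "1.4.4",
    "WooSupply": "1.2.2",
    "Theme Minifier": "2.0",
    "Styles": "1.2.3",
    "WordPress Page Builder - Qards": "1.0.5",
    "PHPFreeChat": "0.2.8",
    "Custom Login Admin Front-end CSS": "1.4.1",
    "CSS Adder By Agence-Press": "1.5.0",
    "Confirm Data": "1.0.7",
    "AMP Toolbox": "2.1.1",
    "Admin CSS MU": "2.6",
}

# Constructed sample of `wp plugin list --fields=title,version --format=csv`
# output; not taken from a real site.
SAMPLE_CSV = """\
title,version
Akismet Anti-spam: Spam Protection,5.3
Montonio for WooCommerce,6.0.1
WooVIP,1.4.5
Theme Minifier,2.0.0
AMP Toolbox,2.1.0
"""


def version_parts(version):
    """'6.0.1' -> [6, 0, 1]; a non-numeric component such as 'rc1' counts as 0."""
    parts = []
    for piece in version.strip().split("."):
        digits = "".join(ch for ch in piece if ch.isdigit())
        parts.append(int(digits) if digits else 0)
    return parts


def is_at_most(installed, ceiling):
    """True if installed <= ceiling, padding short versions so that 2.0 == 2.0.0."""
    a, b = version_parts(installed), version_parts(ceiling)
    width = max(len(a), len(b))
    a += [0] * (width - len(a))
    b += [0] * (width - len(b))
    return a <= b


def find_vulnerable(csv_text, affected=AFFECTED):
    """Return [(product, installed_version, last_vulnerable_version)] for every
    row whose title matches an affected product (case-insensitively) and whose
    version is not above the listed ceiling."""
    by_title = {name.lower(): (name, ceiling) for name, ceiling in affected.items()}
    hits = []
    for row in csv.DictReader(io.StringIO(csv_text)):
        match = by_title.get(row["title"].strip().lower())
        if match and is_at_most(row["version"], match[1]):
            hits.append((match[0], row["version"].strip(), match[1]))
    return hits


if __name__ == "__main__":
    # Usage: wp plugin list --fields=title,version --format=csv | python3 check_cve_2022_40700.py
    # Repeat with `wp theme list`, since the affected list mixes plugins and themes.
    data = sys.stdin.read() if not sys.stdin.isatty() else SAMPLE_CSV
    for product, installed, ceiling in find_vulnerable(data):
        print(f"VULNERABLE: {product} {installed} (update to a release above {ceiling})")
```

On the sample data the script flags Montonio for WooCommerce, Theme Minifier (2.0.0 is treated as equal to the listed 2.0) and AMP Toolbox, and leaves WooVIP 1.4.5 alone because it is above the listed 1.4.4. Matching on display titles is a convenience; if you know the plugin slugs from the vendor advisories, match on the `name` field instead, which is what wp-cli uses for deactivate and delete.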

📡 Detection & Monitoring

Log Indicators:

  • Unusual outbound HTTP requests from web server
  • Requests to internal IP addresses or localhost
  • Multiple failed connection attempts to various ports

Network Indicators:

  • Web server making unexpected outbound connections
  • Traffic to internal services from web server

SIEM Query:

Web server access logs record inbound requests, not the server's own outbound connections, so run this against egress firewall or proxy logs where the web server is the source. Pseudo-query in Splunk-style field syntax (adjust field names to your schema); note that the private block 172.16.0.0/12 spans 172.16 through 172.31, so a plain 172.16.* wildcard would miss most of it:

source="egress_proxy_logs" src_ip="<web-server-ip>" AND (dest_ip="127.0.0.0/8" OR dest_ip="169.254.0.0/16" OR dest_ip="10.0.0.0/8" OR dest_ip="172.16.0.0/12" OR dest_ip="192.168.0.0/16")
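The same detection logic, run over log lines rather than in a SIEM, as an added example that is not part of the original page. The log lines are constructed for the example, and their format (epoch, client IP, method, URL, status) is an assumption about an egress proxy; map your own proxy's fields accordingly. The example goes slightly beyond the indicators above by also normalising the decimal, hex and IPv4-mapped-IPv6 spellings of an address that SSRF payloads use to slip past naive filters.

```python
import ipaddress
from urllib.parse import urlsplit

# Constructed sample of egress-proxy log lines for a WordPress host at
# 10.20.0.5 (not real traffic). Assumed format: <epoch> <client_ip> <method> <url> <status>
SAMPLE_LOG = """\
1693500000 10.20.0.5 GET https://api.wordpress.org/core/version-check/1.7/ 200
1693500001 10.20.0.5 GET http://127.0.0.1:8080/ 200
1693500002 10.20.0.5 GET http://169.254.169.254/latest/meta-data/iam/ 200
1693500003 10.20.0.5 POST http://localhost/wp-admin/admin-ajax.php 403
1693500004 10.20.0.5 GET http://2130706433/ 200
1693500005 10.20.0.5 GET http://0x7f000001/ 200
1693500006 10.20.0.5 GET http://10.20.0.9:6379/ 503
1693500007 10.20.0.5 GET http://[::ffff:192.168.1.10]/ 200
1693500008 10.20.0.5 GET https://example.com/feed.xml 200
"""

LOOPBACK_NAMES = {"localhost", "localhost.localdomain"}


def literal_to_address(host):
    """Parse an IP literal, including the decimal and hex spellings used to dodge
    naive SSRF filters. Returns None for DNS names (nothing is resolved offline)."""
    try:
        if host.isdigit():
            return ipaddress.ip_address(int(host))        # 2130706433 -> 127.0.0.1
        if host.startswith("0x"):
            return ipaddress.ip_address(int(host, 16))    # 0x7f000001 -> 127.0.0.1
        return ipaddress.ip_address(host)
    except ValueError:
        return None


def is_internal_target(host):
    """True if the URL host is loopback, link-local (cloud metadata) or RFC 1918."""
    if not host:
        return False
    host = host.lower()
    if host in LOOPBACK_NAMES:
        return True
    addr = literal_to_address(host)
    if addr is None:
        return False  # DNS name: classify only after resolution (see note below)
    mapped = getattr(addr, "ipv4_mapped", None)  # ::ffff:a.b.c.d -> a.b.c.d
    if mapped is not None:
        addr = mapped
    return addr.is_loopback or addr.is_link_local or addr.is_private


def find_ssrf_candidates(log_text):
    """Return one dict per log line whose destination host is an internal address."""
    hits = []
    for line in log_text.splitlines():
        fields = line.split()
        if len(fields) != 5:
            continue
        ts, src, method, url, status = fields
        host = urlsplit(url).hostname  # lowercased; IPv6 brackets already stripped
        if is_internal_target(host):
            hits.append({"ts": ts, "src": src, "method": method, "url": url, "status": status})
    return hits


if __name__ == "__main__":
    for hit in find_ssrf_candidates(SAMPLE_LOG):
        print(f"{hit['ts']} {hit['src']} -> {hit['method']} {hit['url']} ({hit['status']})")
```

Seven of the nine sample lines are flagged; the two requests to public DNS names pass. A DNS name that resolves to an internal address (DNS rebinding, or an internal hostname) is invisible to this check, so where the proxy logs the resolved destination IP as well as the URL, classify that field too.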

🔗 References
