CVE-2022-4426: Mautic Integration For WooCommerce < 1.0.3 - Arbitrary Options Update via CSRF
First published: Mon Jan 09 2023(Updated: )
The Mautic Integration for WooCommerce WordPress plugin before 1.0.3 does not have proper CSRF check when updating settings, and does not ensure that the options to be updated belong to the plugin, allowing attackers to make a logged in admin change arbitrary blog options via a CSRF attack.
Credit: contact@wpscan.com contact@wpscan.com
| Affected Software | Affected Version | How to fix |
|---|---|---|
| Wpswings Mautic Integration For Woocommerce | <1.0.3 | |
| <1.0.3 |
Never miss a vulnerability like this again
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
Frequently Asked Questions
What is the severity of CVE-2022-4426?
CVE-2022-4426 has been classified with a medium severity level due to its potential impact on WordPress website security.
How do I fix CVE-2022-4426?
To fix CVE-2022-4426, update the Mautic Integration for WooCommerce WordPress plugin to version 1.0.3 or higher.
What are the consequences of CVE-2022-4426 exploitation?
Exploitation of CVE-2022-4426 can allow attackers to change arbitrary blog options, compromising site integrity.
Who is affected by CVE-2022-4426?
Users of the Mautic Integration for WooCommerce plugin prior to version 1.0.3 on WordPress installations are affected by CVE-2022-4426.
What type of vulnerability is CVE-2022-4426?
CVE-2022-4426 is categorized as a Cross-Site Request Forgery (CSRF) vulnerability.
- collector/nvd-index
- agent/type
- collector/mitre-cve
- source/MITRE
- agent/severity
- agent/title
- agent/weakness
- agent/references
- agent/description
- agent/first-publish-date
- collector/nvd-api
- source/NVD
- agent/software-canonical-lookup
- agent/last-modified-date
- agent/author
- agent/softwarecombine
- agent/event
- agent/tags
- agent/source
- vendor/wpswings
- canonical/wpswings mautic integration for woocommerce