CVE-2022-4363 | THREATINT

Description

The Wholesale Market WordPress plugin before 2.2.2, Wholesale Market for WooCommerce WordPress plugin before 2.0.1 have a flawed CSRF check when updating their settings, which could allow attackers to make a logged in admin update them via a CSRF attack

PUBLISHED Reserved 2022-12-08 | Published 2025-05-16 | Updated 2025-05-17 | Assigner WPScan

Problem types

CWE-352 Cross-Site Request Forgery (CSRF)

Product status

Default status

unaffected

Any version before 2.2.2

affected

Default status

unaffected

Any version before 2.0.1

affected

Credits

WPScan finder

WPScan coordinator

References

wpscan.com/...rability/734dba0b-f550-4372-884a-d42f7b0c00c7/ exploit vdb-entry technical-description

cve.org (CVE-2022-4363)

nvd.nist.gov (CVE-2022-4363)

Download JSON

Data based on CVE®. Copyright © 1999-2025, The MITRE Corporation. All rights reserved.

help @ threatint.eu