[{"data":1,"prerenderedAt":-1},["ShallowReactive",2],{"$fn4E7Zkq2myoWdJHJ6yZ5MvENNYupZV29Jq4-B1RirXI":3},{"id":4,"url_slug":5,"title":6,"description":7,"plugin_slug":8,"theme_slug":9,"affected_versions":10,"patched_in_version":11,"severity":12,"cvss_score":13,"cvss_vector":14,"vuln_type":15,"published_date":16,"updated_date":17,"references":18,"days_to_patch":20},"CVE-2022-3154","multiple-plugins-from-viszt-peter-cross-site-request-forgery","Multiple Plugins from Viszt Peter - Cross-Site Request Forgery","The plugins 'Integration for Billingo & Gravity Forms' up to version 1.0.3,  'Integration for Szamlazz.hu & Gravity Forms' up to version 1.2.6, and 'Woo Billingo Plus' up to version 4.4.5.3 for WordPress are vulnerable to Cross-Site Request Forgery. This is due to missing or incorrect nonce validation in various AJAX actions. This allows unauthenticated attackers to make logged in Shop Managers and above perform unwanted actions granted they can trick such a user into performing an action such as clicking on a link.","integration-for-szamlazz-hu-gravity-forms",null,"\u003C=1.2.6","1.2.7","high",8.8,"CVSS:3.1\u002FAV:N\u002FAC:L\u002FPR:N\u002FUI:R\u002FS:U\u002FC:H\u002FI:H\u002FA:H","Cross-Site Request Forgery (CSRF)","2022-09-14 00:00:00","2024-01-22 19:56:02",[19],"https:\u002F\u002Fwww.wordfence.com\u002Fthreat-intel\u002Fvulnerabilities\u002Fid\u002Ff70a2a58-d9b8-456d-ae4f-9c60b3d6b8a5?source=api-prod",496]