Unrated severityNVD Advisory· Published Aug 29, 2022· Updated Aug 3, 2024

MailChimp for Woocommerce < 2.7.2 - Admin+ SSRF

CVE-2022-2556

Description

The Mailchimp for WooCommerce WordPress plugin before 2.7.2 has an AJAX action that allows high privilege users to perform a POST request on behalf of the server to the internal network/LAN, the body of the request is also appended to the response so it can be used to scan private network for example

AI Insight

LLM-synthesized narrative grounded in this CVE's description and references.

Affected products

WordPress/AR For Woocommercecpe-rescue
Package: https://wordpress.org/plugins/ar-for-woocommerce
WordPress/Mailchimp for WooCommercellm-create
Range: <2.7.2

Patches

Vulnerability mechanics

AI mechanics synthesis has not run for this CVE yet.

References

wpscan.com/vulnerability/f2a59eaa-6b44-4098-912f-823289cf33b0mitrex_refsource_MISC

News mentions

No linked articles in our index yet.

cvss	0.000
epss	0.000
exploit	0.000
kev	0.000
patch	0.000
ransomware	0.000