Skip to main content

Montonio For Woocommerce

2 CVEs product

Monthly

CVE-2026-48873 HIGH This Week

Broken access control in the Montonio for WooCommerce WordPress plugin versions 10.1.2 and earlier allows remote unauthenticated attackers to perform integrity-impacting actions without proper authorization checks. The CVSS 3.1 vector (AV:N/AC:L/PR:N/UI:N) indicates the flaw is trivially reachable over the network against default deployments, with high integrity impact but no direct confidentiality or availability consequences. No public exploit identified at time of analysis, and the vulnerability is not currently listed in CISA KEV.

Authentication Bypass WordPress Montonio For Woocommerce
NVD
CVSS 3.1
7.5
EPSS
0.2%
CVE-2022-40700 HIGH This Week

Server-Side Request Forgery (SSRF) vulnerability in Montonio Montonio for WooCommerce, Wpopal Wpopal Core Features, AMO for WP - Membership Management ArcStone wp-amo, Long Watch Studio. Rated high severity (CVSS 8.2), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

SSRF WordPress Admin Css Mu Amp Toolbox Confirm Data +12
NVD
CVSS 3.1
8.2
EPSS
0.7%
EPSS 0% CVSS 7.5
HIGH This Week

Broken access control in the Montonio for WooCommerce WordPress plugin versions 10.1.2 and earlier allows remote unauthenticated attackers to perform integrity-impacting actions without proper authorization checks. The CVSS 3.1 vector (AV:N/AC:L/PR:N/UI:N) indicates the flaw is trivially reachable over the network against default deployments, with high integrity impact but no direct confidentiality or availability consequences. No public exploit identified at time of analysis, and the vulnerability is not currently listed in CISA KEV.

Authentication Bypass WordPress Montonio For Woocommerce
NVD
EPSS 1% CVSS 8.2
HIGH This Week

Server-Side Request Forgery (SSRF) vulnerability in Montonio Montonio for WooCommerce, Wpopal Wpopal Core Features, AMO for WP - Membership Management ArcStone wp-amo, Long Watch Studio. Rated high severity (CVSS 8.2), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

SSRF WordPress Admin Css Mu +14
NVD

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy