CVEDB API

Vulnerabilities

Vulnerable Software

Vulnerability Details CVE-2022-0215

The Login/Signup Popup, Waitlist Woocommerce ( Back in stock notifier ), and Side Cart Woocommerce (Ajax) WordPress plugins by XootiX are vulnerable to Cross-Site Request Forgery via the save_settings function found in the ~/includes/xoo-framework/admin/class-xoo-admin-settings.php file which makes it possible for attackers to update arbitrary options on a site that can be used to create an administrative user account and grant full privileged access to a compromised site. This affects versions <= 2.2 in Login/Signup Popup, versions <= 2.5.1 in Waitlist Woocommerce ( Back in stock notifier ), and versions <= 2.0 in Side Cart Woocommerce (Ajax).

Exploit prediction scoring system (EPSS) score

EPSS Score 0.005

EPSS Ranking 67.0%

CVSS Severity

CVSS v3 Score 8.8

CVSS v2 Score 6.8

References

Products affected by CVE-2022-0215

Xootix » Login/signup Popup » Version: N/A

cpe:2.3:a:xootix:login/signup_popup:-
Xootix » Login/signup Popup » Version: 1.0.0

cpe:2.3:a:xootix:login/signup_popup:1.0.0
Xootix » Login/signup Popup » Version: 1.1

cpe:2.3:a:xootix:login/signup_popup:1.1
Xootix » Login/signup Popup » Version: 1.2

cpe:2.3:a:xootix:login/signup_popup:1.2
Xootix » Login/signup Popup » Version: 1.3

cpe:2.3:a:xootix:login/signup_popup:1.3
Xootix » Login/signup Popup » Version: 1.4

cpe:2.3:a:xootix:login/signup_popup:1.4
Xootix » Login/signup Popup » Version: 1.5

cpe:2.3:a:xootix:login/signup_popup:1.5
Xootix » Login/signup Popup » Version: 1.6

cpe:2.3:a:xootix:login/signup_popup:1.6
Xootix » Login/signup Popup » Version: 1.7

cpe:2.3:a:xootix:login/signup_popup:1.7
Xootix » Login/signup Popup » Version: 2.0

cpe:2.3:a:xootix:login/signup_popup:2.0
Xootix » Login/signup Popup » Version: 2.1

cpe:2.3:a:xootix:login/signup_popup:2.1
Xootix » Login/signup Popup » Version: 2.2

cpe:2.3:a:xootix:login/signup_popup:2.2
Xootix » Side Cart Woocommerce » Version: N/A

cpe:2.3:a:xootix:side_cart_woocommerce:-
Xootix » Side Cart Woocommerce » Version: 1.0.0

cpe:2.3:a:xootix:side_cart_woocommerce:1.0.0
Xootix » Side Cart Woocommerce » Version: 1.0.2

cpe:2.3:a:xootix:side_cart_woocommerce:1.0.2
Xootix » Side Cart Woocommerce » Version: 2.0

cpe:2.3:a:xootix:side_cart_woocommerce:2.0
Xootix » Waitlist Woocommerce » Version: N/A

cpe:2.3:a:xootix:waitlist_woocommerce:-
Xootix » Waitlist Woocommerce » Version: 1.0

cpe:2.3:a:xootix:waitlist_woocommerce:1.0
Xootix » Waitlist Woocommerce » Version: 1.1

cpe:2.3:a:xootix:waitlist_woocommerce:1.1
Xootix » Waitlist Woocommerce » Version: 1.2

cpe:2.3:a:xootix:waitlist_woocommerce:1.2
Xootix » Waitlist Woocommerce » Version: 1.3

cpe:2.3:a:xootix:waitlist_woocommerce:1.3
Xootix » Waitlist Woocommerce » Version: 1.4

cpe:2.3:a:xootix:waitlist_woocommerce:1.4
Xootix » Waitlist Woocommerce » Version: 1.5

cpe:2.3:a:xootix:waitlist_woocommerce:1.5
Xootix » Waitlist Woocommerce » Version: 2.0

cpe:2.3:a:xootix:waitlist_woocommerce:2.0
Xootix » Waitlist Woocommerce » Version: 2.3

cpe:2.3:a:xootix:waitlist_woocommerce:2.3
Xootix » Waitlist Woocommerce » Version: 2.4

cpe:2.3:a:xootix:waitlist_woocommerce:2.4
Xootix » Waitlist Woocommerce » Version: 2.5

cpe:2.3:a:xootix:waitlist_woocommerce:2.5
Xootix » Waitlist Woocommerce » Version: 2.5.1

cpe:2.3:a:xootix:waitlist_woocommerce:2.5.1

Vulnerabilities

Vulnerable Software

Vulnerability Details CVE-2022-0215

Products

Pricing

Contact Us