WordPress Paytm Payment Gateway Plugin <= 2.7.0 is vulnerable to Server Side Request Forgery (SSRF)
CVE-2022-45362

7.2HIGH

Key Information:

Vendor: WordPress
Status: Paytm Payment Gateway
Vendor: CVE Published:; 7 December 2023

Summary

A Server-Side Request Forgery (SSRF) vulnerability exists in the Paytm Payment Gateway, which allows malicious actors to send unauthorized requests from the server. This vulnerability can be exploited by manipulating requests directed from the server to internal or external services, potentially exposing sensitive data and leading to further attacks. Users of Paytm Payment Gateway versions n/a through 2.7.0 are advised to update their systems promptly to mitigate any associated risks.

Affected Version(s)

Paytm Payment Gateway <= 2.7.0

References

https://patchstack.com/database/vulnerability/paytm-payme...

vdb-entry

EPSS Score

12% chance of being exploited in the next 30 days.

CVSS V3.1

Score:

7.2

Severity:

HIGH

Confidentiality:

Low

Integrity:

Low

Availability:

Low

Attack Vector:

Network

Attack Complexity:

Low

Privileges Required:

None

User Interaction:

None

Scope:

Changed

Timeline

Vulnerability published
Dec 7, 2023
Vulnerability Reserved
Nov 14, 2022

Credit

Aman Rawat (Patchstack Alliance)