CVE-2022-2556

CVE-2022-2556: MailChimp for Woocommerce < 2.7.2 - Admin+ SSRF

Vendor Unknown

Product Mailchimp for WooCommerce

Weakness CWE-918 · SSRF

Published August 29, 2022

Last update August 3, 2024

View on NVD All CVEs

CVSS base score

—

What the vulnerability does

01Description

The Mailchimp for WooCommerce WordPress plugin before 2.7.2 has an AJAX action that allows high privilege users to perform a POST request on behalf of the server to the internal network/LAN, the body of the request is also appended to the response so it can be used to scan private network for example

Key dates

02Disclosure timeline

August 29, 2022 CVE published

August 3, 2024 Record updated

External resources

03References

NVD — National Vulnerability Database https://nvd.nist.gov/vuln/detail/CVE-2022-2556

Related vulnerabilities

04Related CVE

CVE-2024-0303 Youke365 Parameter caiji.php server-side request forgery CVE-2025-2192 Stoque Zeev.it Login Page server-side request forgery CVE-2023-2140 Server-Side Request Forgery vulnerability affecting DELMIA Apriso Release 2017 through Release 2022 CVE-2026-35486 text-generation-webui has a SSRF in superbooga/superboogav2 extensions — no URL validation CVE-2025-0454 SSRF Check Bypass in Requests Utility in significant-gravitas/autogpt