What the vulnerability does
01Description
Cross-Site Request Forgery (CSRF) vulnerability in Tyche Softwares Custom Order Numbers for WooCommerce plugin <= 1.4.0 versions.
CVE-2022-45367
MEDIUM
CVE-2022-45367: WordPress Custom Order Numbers for WooCommerce Plugin <= 1.4.0 is vulnerable to Cross Site Request Forgery (CSRF)
CVSS base score
4.3/10
CVSS vector
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:N
Key dates
02Disclosure timeline
May 25, 2023
CVE published
April 28, 2026
Record updated
External resources
03References
Related vulnerabilities
04Related CVE
CVE-2022-25754
CVE-2025-31588 WordPress Elfsight Testimonials Slider plugin <= 1.0.1 - Cross Site Request Forgery (CSRF) to Settings Change vulnerability
CVE-2025-62117 WordPress EasyIndex plugin <= 1.1.1704 - Cross Site Request Forgery (CSRF) vulnerability
CVE-2026-4002 Petje.af <= 2.1.8 - Cross-Site Request Forgery to Account Deletion via 'petjeaf_disconnect' AJAX Action
CVE-2025-2863 Cross-site request forgery (CSRF) vulnerability in saTECH BCU
