December 2022 Web Application Vulnerabilities Released

Hitesh Kadu

The Qualys WAS team has identified and released a new set of security signatures to detect a range of vulnerabilities in popular web applications and software such as WordPress, Citrix, JavaScript Libraries and ForgeRock. These vulnerabilities, if left unpatched, can potentially lead to serious security breaches such as unauthorized access, data leakage, and other malicious activities. We urge all organizations to conduct an immediate security audit of their networks and systems for the identified vulnerabilities and take immediate steps to mitigate any potential risks

154127WordPress Multiple Vulnerabilities : Security Update 6.0.3 (CVE-2022-43497,CVE-2022-43500,CVE-2022-43504)
150623ForgeRock Access Management Remote Code Execution Vulnerability (CVE-2021-35464)
150624WordPress Easy WP SMTP Plugin: Multiple Vulnerabilities (CVE-2022-42699,CVE-2022-45833,CVE-2022-45829)
150625WordPress Booster for Woocommerce Plugin: Custom Role Creation/Deletion via CSRF Vulnerability (CVE-2022-4016)
150626Citrix Application Delivery Controller (ADC) and Citrix Gateway Remote Code Execution (RCE) Vulnerability (CVE-2022-27518)

QID 154127 : WordPress Multiple Vulnerabilities : Security Update 6.0.3 (CVE-2022-43497,CVE-2022-43500,CVE-2022-43504)

SeverityLevel 4
CVSS 3.16.1
Affected VersionsWordPress versions prior to 6.0.3


On October 17, 2022, the WordPress core team released version 6.0.3, which includes security updates for multiple vulnerabilities. Qualys WAS has issued a QID to detect the latest CVEs (CVE-2022-43497, CVE-2022-21662, CVE-2022-43500, CVE-2022-43504) that affect the WordPress Core.

These vulnerabilities include:

  • Improper authentication vulnerability (CVE-2022-43504) that allows an attacker to gain unauthorized access to sensitive information.
  • Two cross-site scripting vulnerabilities (CVE-2022-43497, CVE-2022-43500) that allow an attacker to inject malicious code into a web page, which can then be executed by the user’s browser.

It is important for users of the WordPress content management system to upgrade to version 6.0.3 or above in order to protect against these vulnerabilities.

QID 150623 : ForgeRock Access Management Remote Code Execution Vulnerability (CVE-2021-35464)

SeverityLevel 5
CVSS 3.19.8
Affected VersionsForegeRock Access Management version 5.x
ForgeRock Access Management versions 6.0.0.x, 6.5.0.x, 6.5.1, 6.5.2.x and 6.5.3
OpenAM versions 9.x, 10.x, 11.x, 12.x and 13.x


The ForgeRock AM server is a service that manages access to resources, such as web pages, applications, and web services, over the network. However, a vulnerability was recently discovered in the server that could potentially allow for unauthorized access to these resources.

The vulnerability is a Java deserialization vulnerability in the jato.pageSession parameter that is present on multiple pages of the ForgeRock AM server. This vulnerability can be exploited without the need for authentication and can potentially lead to remote code execution by simply sending a specially crafted /ccversion/* request to the server. The vulnerability is caused by the use of the Sun ONE Application Framework (JATO) in versions of Java 8 or earlier.

To address this vulnerability, ForgeRock AM version 7.0 removed the “/ccvesion” endpoint, along with other legacy endpoints that rely on JATO. However, it’s worth noting that Jato framework has not been updated for many years, so it is possible that other products that use the Jato framework may still be affected by this vulnerability.

To fix the vulnerability, update to ForgeRock AM version 7.0 or later, which removes the vulnerable endpoint.

QID 150624 : WordPress Easy WP SMTP Plugin: Multiple Vulnerabilities (CVE-2022-42699,CVE-2022-45833,CVE-2022-45829)

SeverityLevel 4
CVSS 3.18.8
Affected VersionsEasy WP SMTP prior to version 1.5.2


Qualys WAS released a QID to detect remote code execution vulnerability and path traversal vulnerability in Easy WP SMTP WordPress plugin. According to the Plugin descriptions from wordpress.orgeasy-wp-smtp is installed on over 6,00,000 sites that allows users to configure and send all outgoing emails via a SMTP server.

These vulnerabilities include:

  • A critical authenticated remote code execution vulnerability (CVE-2022-42699) that allows an attacker who has access to the system to execute arbitrary code and gain complete control over the targeted system. This could lead to unauthorized access to sensitive information and data breaches.
  • Two authenticated path traversal vulnerabilities (CVE-2022-45833 and CVE-2022-45829) that allow an attacker to read sensitive files from the targeted system. This could potentially lead to data breaches, unauthorized access to sensitive information, and other malicious activities.

To protect against these vulnerabilities, it is recommended that users update the Easy WP SMTP plugin to the latest version (1.5.2) as soon as possible. Additionally, if the plugin is not in use, it should be disabled to prevent any potential exploitation of these vulnerabilities. It is also crucial for website administrators to keep their plugins updated to avoid potential security breaches and unauthorized access to sensitive information.

QID 150625 : WordPress Booster for Woocommerce Plugin: Custom Role Creation/Deletion via CSRF Vulnerability (CVE-2022-4016)

SeverityLevel 3
CVSS 3.16.5
Affected VersionsThe Booster for WooCommerce WordPress plugin before 5.6.7


Booster for WooCommerce is a popular addon plugin for WooCommerce with over 70,000 installations. It enhances the functionality of WooCommerce through various modules that can be enabled and disabled at any time.

The Booster for WooCommerce plugin version 5.6.6 and earlier is vulnerable to cross-site request forgery (CSRF) attacks due to the missing nonce validation on functions such as ‘process_actions’ and ‘get_delete_all_custom_statuses_button’. As a result, an attacker could trick an administrator into performing actions that they are authorized to perform, such as creating or deleting custom roles.

It is not possible to effectively safeguard against these vulnerabilities without blocking valid requests, which could disrupt the normal functioning of the website. Therefore, Qualys WAS highly recommends updating to version 5.6.7 or later of Booster for WooCommerce to ensure that your website is protected against any potential exploits targeting this vulnerability. Failure to do so could lead to a potential data breaches, unauthorized access to sensitive information, and other malicious activities.

QID 150626 : Citrix Application Delivery Controller (ADC) and Citrix Gateway Remote Code Execution (RCE) Vulnerability (CVE-2022-27518)

SeverityLevel 4
CVSS 3.19.8
Affected VersionsCitrix ADC and Citrix Gateway 13.0 before 13.0-58.32
Citrix ADC and Citrix Gateway 12.1 before 12.1-65.25


Citrix ADC is the most comprehensive application delivery and load balancing solution for monolithic and microservices-based applications.

On Tuesday, December 13, 2022, Citrix released a security bulletin for a critical unauthenticated remote code execution (RCE) vulnerability, in certain configurations of its Gateway and ADC products. The bulletin announced the availability of fixes for the vulnerability, which had reportedly been exploited in the wild by state-sponsored threat actors.

According to Citrix, there are no alternative solutions for this vulnerability, and customers who use the affected version should apply the update as soon as possible. Qualys WAS highly recommend to refer Citrix Security Bulletin – CTX474995 for information pertaining to remediating this vulnerability.


Starting from December 2022, the detection of vulnerabilities in JavaScript libraries during web application scans will now be reported under dedicated QIDs, rather than a general QID 150162. This modification aims to improve the reporting and management of vulnerabilities, making it simpler for users to pinpoint and address vulnerabilities.

Please note that while QID 150162 is still active, some users may receive duplicate results. We recommend that customers refer to the results reported in the new, dedicated QIDs for accurate and up-to-date information.

The following is a list of the new QIDs for vulnerable libraries that have been supported thus far:

151000Vulnerable JavaScript Library Detected – AngularJS
151001Vulnerable JavaScript Library Detected – Backbone
151002Vulnerable JavaScript Library Detected – Bootstrap
151003Vulnerable JavaScript Library Detected – CKEditor
151005Vulnerable JavaScript Library Detected – Coveo JS
151006Vulnerable JavaScript Library Detected – Dojo
151007Vulnerable JavaScript Library Detected – DOMPurify
151008Vulnerable JavaScript Library Detected – DWR
151009Vulnerable JavaScript Library Detected – easyXDM
151010Vulnerable JavaScript Library Detected – Ember.js
151011Vulnerable JavaScript Library Detected – Ext JS
151012Vulnerable JavaScript Library Detected – flowplayer
151013Vulnerable JavaScript Library Detected – Handlebars
151014Vulnerable JavaScript Library Detected – jPlayer
151015Vulnerable JavaScript Library Detected – jQuery
151016Vulnerable JavaScript Library Detected – jQuery Migrate
151017Vulnerable JavaScript Library Detected – jQuery Mobile
151018Vulnerable JavaScript Library Detected – jQuery PrettyPhoto
151019Vulnerable JavaScript Library Detected – jQuery UI
151022Vulnerable JavaScript Library Detected – Knockout
151024Vulnerable JavaScript Library Detected – Lodash
151025Vulnerable JavaScript Library Detected – Moment.js
151026Vulnerable JavaScript Library Detected – Mustache
151028Vulnerable JavaScript Library Detected – Next.js
151029Vulnerable JavaScript Library Detected – Plupload
151030Vulnerable JavaScript Library Detected – Plupload
151031Vulnerable JavaScript Library Detected – React
151034Vulnerable JavaScript Library Detected – TinyMCE
151035Vulnerable JavaScript Library Detected – URI.js
151037Vulnerable JavaScript Library Detected – Vue.js
151038Vulnerable JavaScript Library Detected – YUI

We strongly advise all our customers to review and upgrade to the most recent version of these libraries in order to maintain the security of their web applications.
For further information on this topic, please refer to our article on Detection of Vulnerabilities in JavaScript Libraries.

Share your Comments


Your email address will not be published. Required fields are marked *