PatchSiren

PatchSiren cyber security CVE debrief

CVE-2022-47150 weDevs CVE debrief

A Cross-Site Request Forgery (CSRF) vulnerability was discovered in weDevs WooCommerce Conversion Tracking, affecting versions from n/a through 2.0.10. This vulnerability has been assigned a CVSS score of 4.3, indicating a Medium severity level. The vulnerability allows an attacker to perform Cross-Site Request Forgery (CSRF) attacks.

Vendor
weDevs
Product
WooCommerce Conversion Tracking
CVSS
MEDIUM 4.3
CISA KEV
Not listed in stored evidence
Original CVE published
2026-06-11
Original CVE updated
2026-06-11
Advisory published
2026-06-11
Advisory updated
2026-06-11

Who should care

Users of weDevs WooCommerce Conversion Tracking plugin for WordPress, particularly those using versions from n/a through 2.0.10, should be aware of this vulnerability and take necessary actions to mitigate the risk.

Technical summary

The CVE-2022-47150 vulnerability is a Cross-Site Request Forgery (CSRF) issue in the weDevs WooCommerce Conversion Tracking plugin. The Common Vulnerabilities and Exposures (CVE) score is 4.3, with a Medium severity level. The vulnerability is caused by a lack of proper validation and sanitization of user requests, allowing an attacker to trick users into performing unintended actions.

Defensive priority

Medium

Recommended defensive actions

  • Update the weDevs WooCommerce Conversion Tracking plugin to a version that is not vulnerable.
  • Implement additional security measures, such as validating and sanitizing user requests, to prevent similar vulnerabilities.

Evidence notes

The CVE-2022-47150 vulnerability was discovered and reported by [email protected]. The vulnerability has been confirmed by the National Vulnerability Database (NVD) and is listed on the CVE.org website.

Official resources

CVE-2022-47150 was published on 2026-06-11T12:16:29.607Z and modified on 2026-06-11T14:42:47.007Z.