Описание
The Booking Manager WordPress plugin before 2.0.29 does not validate URLs input in it's admin panel or in shortcodes for showing events from a remote .ics file, allowing an attacker with privileges as low as Subscriber to perform SSRF attacks on the sites internal network.
Ссылки
- ExploitThird Party Advisory
- ExploitThird Party Advisory
Уязвимые конфигурации
Конфигурация 1Версия до 2.0.29 (исключая)
cpe:2.3:a:oplugins:booking_manager:*:*:*:*:*:wordpress:*:*
EPSS
Процентиль: 44%
0.00212
Низкий
8.8 High
CVSS3
Дефекты
Связанные уязвимости
CVSS3: 8.8
github
больше 2 лет назад
The Booking Manager WordPress plugin before 2.0.29 does not validate URLs input in it's admin panel or in shortcodes for showing events from a remote .ics file, allowing an attacker with privileges as low as Subscriber to perform SSRF attacks on the sites internal network.
EPSS
Процентиль: 44%
0.00212
Низкий
8.8 High
CVSS3