Описание
The Broken Link Checker WordPress plugin before 2.4.2 does not validate a the link URLs before making a request to them, which could allow admin users to perform SSRF attack, for example on a multisite installation.
Ссылки
- ExploitThird Party Advisory
- ExploitThird Party Advisory
Уязвимые конфигурации
Конфигурация 1Версия до 2.4.2 (исключая)
cpe:2.3:a:managewp:broken_link_checker:*:*:*:*:*:wordpress:*:*
EPSS
Процентиль: 34%
0.00137
Низкий
4.7 Medium
CVSS3
Дефекты
CWE-918
Связанные уязвимости
CVSS3: 4.7
github
около 1 года назад
The Broken Link Checker WordPress plugin before 2.4.2 does not validate a the link URLs before making a request to them, which could allow admin users to perform SSRF attack, for example on a multisite installation.
EPSS
Процентиль: 34%
0.00137
Низкий
4.7 Medium
CVSS3
Дефекты
CWE-918