exploitDog

CVE-2024-2090

Опубликовано: 01 авг. 2024

Источник: nvd

CVSS3: 6.4

EPSS Низкий

Описание

The Remote Content Shortcode plugin for WordPress is vulnerable to Server-Side Request Forgery in all versions up to, and including, 1.5 via the remote_content shortcode. This makes it possible for authenticated attackers, with contributor-level access and above, to make web requests to arbitrary locations originating from the web application and can be used to query and modify information from internal services.

Ссылки

https://wordpress.org/plugins/remote-content-shortcode/
Product
https://www.wordfence.com/threat-intel/vulnerabilities/id/ec93f360-2eed-4858-b36f-8cc17f7b4ac1?source=cve
Third Party Advisory

Уязвимые конфигурации

Конфигурация 1

cpe:2.3:a:doublesharp:remote_content_shortcode:*:*:*:*:*:wordpress:*:*

Версия до 1.5 (включая)

EPSS

Процентиль: 40%

0.00178

Низкий

6.4 Medium

CVSS3

Дефекты

CWE-918

CWE-918

Связанные уязвимости

GHSA-28v8-9mr3-438f

CVSS3: 6.4

github

больше 1 года назад

The Remote Content Shortcode plugin for WordPress is vulnerable to Server-Side Request Forgery in all versions up to, and including, 1.5 via the remote_content shortcode. This makes it possible for authenticated attackers, with contributor-level access and above, to make web requests to arbitrary locations originating from the web application and can be used to query and modify information from internal services.

EPSS

Процентиль: 40%

0.00178

Низкий

6.4 Medium

CVSS3

Дефекты

CWE-918

CWE-918