CVE-2024-37098

Опубликовано: 26 июн. 2024

Источник: nvd

CVSS3: 4.4

CVSS3: 9.8

EPSS Низкий

Описание

Server-Side Request Forgery (SSRF) vulnerability in Blossom Themes BlossomThemes Email Newsletter.This issue affects BlossomThemes Email Newsletter: from n/a through 2.2.6.

Ссылки

https://patchstack.com/database/vulnerability/blossomthemes-email-newsletter/wordpress-blossomthemes-email-newsletter-plugin-2-2-7-server-side-request-forgery-ssrf-vulnerability?_s_id=cve
Third Party Advisory
https://patchstack.com/database/vulnerability/blossomthemes-email-newsletter/wordpress-blossomthemes-email-newsletter-plugin-2-2-7-server-side-request-forgery-ssrf-vulnerability?_s_id=cve
Third Party Advisory

Уязвимые конфигурации

Конфигурация 1

cpe:2.3:a:blossomthemes:blossomthemes_email_newsletter:*:*:*:*:*:wordpress:*:*

Версия до 2.2.7 (исключая)

EPSS

Процентиль: 46%

0.00232

Низкий

4.4 Medium

CVSS3

9.8 Critical

CVSS3

Дефекты

CWE-918

Связанные уязвимости

GHSA-h65f-46fv-r349

CVSS3: 4.4

github

больше 1 года назад

Server-Side Request Forgery (SSRF) vulnerability in Blossom Themes BlossomThemes Email Newsletter.This issue affects BlossomThemes Email Newsletter: from n/a through 2.2.6.

EPSS

Процентиль: 46%

0.00232

Низкий

4.4 Medium

CVSS3

9.8 Critical

CVSS3

Дефекты

CWE-918