exploitDog

CVE-2024-4260

Опубликовано: 23 июл. 2024

Источник: nvd

CVSS3: 6.5

EPSS Низкий

Описание

The Page Builder Gutenberg Blocks WordPress plugin before 3.1.12 does not prevent users from pinging arbitrary hosts via some of its shortcodes, which could allow high privilege users such as contributors to perform SSRF attacks.

Ссылки

https://wpscan.com/vulnerability/69f33e20-8ff4-491c-8f37-a4eadd4ea8cf/
Exploit
Third Party Advisory
https://wpscan.com/vulnerability/69f33e20-8ff4-491c-8f37-a4eadd4ea8cf/
Exploit
Third Party Advisory

Уязвимые конфигурации

Конфигурация 1

cpe:2.3:a:godaddy:coblocks:*:*:*:*:*:wordpress:*:*

Версия до 3.1.12 (исключая)

EPSS

Процентиль: 72%

0.00723

Низкий

6.5 Medium

CVSS3

Дефекты

CWE-918

Связанные уязвимости

GHSA-5pqp-q4fm-4p4h

CVSS3: 6.5

github

больше 1 года назад

The Page Builder Gutenberg Blocks WordPress plugin before 3.1.12 does not prevent users from pinging arbitrary hosts via some of its shortcodes, which could allow high privilege users such as contributors to perform SSRF attacks.

EPSS

Процентиль: 72%

0.00723

Низкий

6.5 Medium

CVSS3

Дефекты

CWE-918