6.8 Medium
AI Score
Confidence
High
0.001 Low
EPSS
Percentile
18.2%
The Assistant WordPress plugin before 1.4.4 does not validate a parameter before making a request to it via wp_remote_get(), which could allow users with a role as low as Editor to perform SSRF attacks