108 matches found
WordPress plugin TablePress Cross-Site Scripting Vulnerability
WordPress and WordPress plugin are both products of the WordPress Foundation. WordPress is a set of blogging platforms developed using the PHP language. The platform supports setting up personal blog sites on servers with PHP and MySQL. WordPress plugin is an application plugin. A cross-site...
TablePress – Tables in WordPress made easy < 2.3.2 - Authenticated (Author+) Server-Side Request Forgery via DNS Rebind
Description The TablePress – Tables in WordPress made easy plugin for WordPress is vulnerable to Server-Side Request Forgery in all versions up to, and including, 2.3 via the getfilestoimport function. This makes it possible for authenticated attackers, with author-level access and above, to make...
CVE-2024-4354
The TablePress – Tables in WordPress made easy plugin for WordPress is vulnerable to Server-Side Request Forgery in all versions up to, and including, 2.3 via the getfilestoimport function. This makes it possible for authenticated attackers, with author-level access and above, to make web request...
CVE-2024-4354
The TablePress – Tables in WordPress made easy plugin for WordPress is vulnerable to Server-Side Request Forgery in all versions up to, and including, 2.3 via the getfilestoimport function. This makes it possible for authenticated attackers, with author-level access and above, to make web request...
CVE-2024-4354 TablePress – Tables in WordPress made easy <= 2.3 - Authenticated (Author+) Server-Side Request Forgery via DNS Rebind
The TablePress – Tables in WordPress made easy plugin for WordPress is vulnerable to Server-Side Request Forgery in all versions up to, and including, 2.3 via the getfilestoimport function. This makes it possible for authenticated attackers, with author-level access and above, to make web request...
CVE-2024-4354 TablePress – Tables in WordPress made easy <= 2.3 - Authenticated (Author+) Server-Side Request Forgery via DNS Rebind
The TablePress – Tables in WordPress made easy plugin for WordPress is vulnerable to Server-Side Request Forgery in all versions up to, and including, 2.3 via the getfilestoimport function. This makes it possible for authenticated attackers, with author-level access and above, to make web request...
WordPress TablePress plugin <= 2.3 - Authenticated (Author+) Server-Side Request Forgery via DNS Rebind vulnerability
Authenticated Author+ Server-Side Request Forgery via DNS Rebind vulnerability discovered by Tobias Weißhaar kun19 in WordPress Plugin TablePress versions = 2.3.1...
WordPress plugin TablePress Security Vulnerability
WordPress and WordPress plugin are both products of the WordPress Foundation. WordPress is a set of blogging platforms developed using the PHP language. The platform supports setting up personal blog sites on servers with PHP and MySQL. WordPress plugin is an application plugin. A security...
WordPress TablePress Plugin <= 2.3.1 is vulnerable to Server Side Request Forgery (SSRF)
Software: TablePress; Type: Plugin; Vulnerable versions: <= 2.3.1; Fixed in: 2.3.2; OWASP Top 10: A1: Injection; Classification: Server Side Request Forgery SSRF; CVE: CVE-2024-4354; Patch priority: Low; CVSS severity: Low 6.4; Developer: TablePress; PSID: e683cfb42286; Credits: Tobias Weißhaar kun19; Required privilege...
TablePress < 2.2.5 - Authenticated(Author+) Server Side Request Forgery(SSRF) via _get_import_files
Description The TablePress – Tables in WordPress made easy plugin for WordPress is vulnerable to Server-Side Request Forgery in versions up to and including 2.2.4 via the 'getimportfiles' function. This makes it possible for authenticated attackers, with author access and above, to make web...
Server-side Request Forgery (SSRF)
tobiasbg/tablepress is vulnerable to Server-side Request Forgery SSRF. The vulnerability is due to insufficient filtering of user-supplied URLs during table imports. This vulnerability allows an attacker to make unauthorized network requests which potentially leads to Server-Side Request Forgery...
WordPress TablePress Plugin <= 2.2.4 is vulnerable to Server Side Request Forgery (SSRF)
Software: TablePress; Type: Plugin; Vulnerable versions: <= 2.2.4; Fixed in: 2.2.5; OWASP Top 10: A1: Injection; Classification: Server Side Request Forgery SSRF; CVE: CVE-2024-23825; Patch priority: Low; CVSS severity: Low 3; Developer: TablePress; PSID: 63d423a50b49; Credits: isacaya; Required privilege: Author; Publishe...
CVE-2024-23825
TablePress is a table plugin for WordPress. For importing tables, TablePress makes external HTTP requests based on a URL that is provided by the user. That user input is filtered insufficiently, which makes it possible to send requests to unintended network locations and receive responses. On...
Design/Logic Flaw
TablePress is a table plugin for WordPress. For importing tables, TablePress makes external HTTP requests based on a URL that is provided by the user. That user input is filtered insufficiently, which makes it possible to send requests to unintended network locations and receive responses. On...
CVE-2024-23825 TablePress SSRF vulnerability due to insufficient filtering of cloud provider hosts
TablePress is a table plugin for WordPress. For importing tables, TablePress makes external HTTP requests based on a URL that is provided by the user. That user input is filtered insufficiently, which makes it possible to send requests to unintended network locations and receive responses. On...
CVE-2024-23825
The CVE-2024-23825 entry concerns the WordPress TablePress plug-in. It describes an SSRF flaw where user-provided URLs for table imports are insufficiently filtered, potentially causing the server to fetch from unintended network locations, including an AWS instance metadata REST API, risking exp...
CVE-2024-23825 TablePress SSRF vulnerability due to insufficient filtering of cloud provider hosts
TablePress is a table plugin for WordPress. For importing tables, TablePress makes external HTTP requests based on a URL that is provided by the user. That user input is filtered insufficiently, which makes it possible to send requests to unintended network locations and receive responses. On...
CVE-2024-23825 TablePress SSRF vulnerability due to insufficient filtering of cloud provider hosts
TablePress is a table plugin for WordPress. For importing tables, TablePress makes external HTTP requests based on a URL that is provided by the user. That user input is filtered insufficiently, which makes it possible to send requests to unintended network locations and receive responses. On...
WordPress plugin TablePress Security Vulnerability
WordPress and WordPress plugin are both products of the WordPress Foundation. WordPress is a blogging platform developed using the PHP language. The platform supports personal blog sites on servers running PHP and MySQL. WordPress plugin is an application plugin. A security vulnerability exists in...
PT-2024-20107 · Unknown · Tablepress
Name of the Vulnerable Software and Affected Versions: TablePress versions prior to 2.2.5 Description: The issue arises from insufficient filtering of user input for URLs used in external HTTP requests for importing tables. This can lead to sending requests to unintended network locations and...