WordPress WPGet API plugin <= 2.2.10 - Authenticated (Administrator+) Server-Side Request Forgery vulnerability

Authenticated Administrator+ Server-Side Request Forgery vulnerability discovered by Francesco Carlucci in WordPress Plugin WPGetAPI versions = 2.2.10...

WordPress WPGetAPI Plugin 2.1.0-2.2.1 is vulnerable to Broken Access Control

Software WPGetAPI Type Plugin Vulnerable versions 2.1.0-2.2.1 Fixed in 2.2.2 OWASP Top 10 A1: Broken Access Control Classification Broken Access Control CVE N/A Patch priority Medium CVSS severity Medium 6.3 Developer Claim ownership PSID ca2d9e4727c6 Credits Unknown Required privilege Subscriber...