8 matches found
CVE-2025-8678
The WP Crontrol plugin for WordPress is vulnerable to blind Server-Side Request Forgery in versions 1.17.0 to 1.19.1 via the 'wpremoterequest' function. This makes it possible for authenticated attackers, with Administrator-level access and above, to make web requests to arbitrary locations...
CVE-2025-8678
The WP Crontrol plugin for WordPress is vulnerable to blind Server-Side Request Forgery in versions 1.17.0 to 1.19.1 via the 'wpremoterequest' function. This makes it possible for authenticated attackers, with Administrator-level access and above, to make web requests to arbitrary locations...
CVE-2025-8678
The CVE-2025-8678 entry concerns the WordPress WP Crontrol plugin. Affected versions 1.17.0–1.19.1 expose a blind Server-Side Request Forgery via wp_remote_request() that can be exploited by authenticated administrators or higher to issue web requests from the WordPress host to arbitrary external...
CVE-2025-8678 WP Crontrol - 1.17.0 - 1.19.1 - Authenticated (Administrator+) Blind Server-Side Request Forgery
The WP Crontrol plugin for WordPress is vulnerable to blind Server-Side Request Forgery in versions 1.17.0 to 1.19.1 via the 'wpremoterequest' function. This makes it possible for authenticated attackers, with Administrator-level access and above, to make web requests to arbitrary locations...
WordPress WP Crontrol plugin 1.17.0-1.19.1 - Authenticated (Administrator+) Server-Side Request Forgery vulnerability
Authenticated Administrator+ Server-Side Request Forgery vulnerability discovered by Jonas Benjamin Friedli in WordPress Plugin Crontrol versions 1.17.0-1.19.1...
WordPress plugin WP Crontrol 代码问题漏洞
WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a set of blogging platform developed using the PHP language. The platform supports setting up personal blog sites on servers with PHP and MySQL.WordPress plugin is an application plugin. A code issue...
PT-2025-33892 · WordPress · Wp Crontrol
Name of the Vulnerable Software and Affected Versions: WP Crontrol versions 1.17.0 through 1.19.1 Description: The WP Crontrol plugin for WordPress is vulnerable to Server-Side Request Forgery via the wp remote request function. This allows authenticated attackers with Administrator-level access...
WordPress Crontrol Plugin <= 1.2.3 - Cross Site Scripting (XSS)
Because of this vulnerability, authenticated administrators can store HTML and JS code. Vulnerable parameters: "idhookname", "idsig", "idnextrun", "idargscode". Solution Update the plugin...