Lucene search
K

4 matches found

RedhatCVE
RedhatCVE
added 2025/05/23 4:11 a.m.7 views

CVE-2023-3958

The WP Remote Users Sync plugin for WordPress is vulnerable to Server Side Request Forgery via the 'notifypingremote' AJAX function in versions up to, and including, 1.2.12. This can allow authenticated attackers with subscriber-level permissions or above to make web requests to arbitrary locatio...

8.5CVSS6.7AI score0.00539EPSS
Exploits0References1
CVE
CVE
added 2023/08/16 4:36 a.m.2500 views

CVE-2023-3958

CVE-2023-3958 affects the WP Remote Users Sync WordPress plugin. The vulnerability is a Server-Side Request Forgery (SSRF) via the notify_ping_remote AJAX function in versions up to and including 1.2.12. An authenticated attacker with subscriber-level permissions (or higher) can cause the web app...

8.5CVSS5.8AI score0.00539EPSS
Exploits0References4Affected Software1
Vulnrichment
Vulnrichment
added 2023/08/16 4:36 a.m.7 views

CVE-2023-3958 WP Remote Users Sync <= 1.2.12 - Authenticated (Subscriber+) Server Side Request Forgery

The WP Remote Users Sync plugin for WordPress is vulnerable to Server Side Request Forgery via the 'notifypingremote' AJAX function in versions up to, and including, 1.2.12. This can allow authenticated attackers with subscriber-level permissions or above to make web requests to arbitrary locatio...

8.5CVSS6.8AI score0.00539EPSS
Exploits0References4
Patchstack
Patchstack
added 2023/08/16 12:0 a.m.9 views

WordPress WP Remote Users Sync Plugin <= 1.2.12 is vulnerable to Server Side Request Forgery (SSRF)

Software WP Remote Users Sync Type Plugin Vulnerable versions = 1.2.12 Fixed in 1.2.13 OWASP Top 10 A1: Broken Access Control Classification Server Side Request Forgery SSRF CVE CVE-2023-3958 Patch priority High CVSS severity High 8.5 Developer Claim ownership PSID 57ad18456846 Credits Lana Codes...

8.5CVSS6.6AI score0.00539EPSS
Exploits0References3Affected Software1
Rows per page
Query Builder