4 matches found
CVE-2023-3958
The WP Remote Users Sync plugin for WordPress is vulnerable to Server Side Request Forgery via the 'notifypingremote' AJAX function in versions up to, and including, 1.2.12. This can allow authenticated attackers with subscriber-level permissions or above to make web requests to arbitrary locatio...
CVE-2023-3958
CVE-2023-3958 affects the WP Remote Users Sync WordPress plugin. The vulnerability is a Server-Side Request Forgery (SSRF) via the notify_ping_remote AJAX function in versions up to and including 1.2.12. An authenticated attacker with subscriber-level permissions (or higher) can cause the web app...
CVE-2023-3958 WP Remote Users Sync <= 1.2.12 - Authenticated (Subscriber+) Server Side Request Forgery
The WP Remote Users Sync plugin for WordPress is vulnerable to Server Side Request Forgery via the 'notifypingremote' AJAX function in versions up to, and including, 1.2.12. This can allow authenticated attackers with subscriber-level permissions or above to make web requests to arbitrary locatio...
WordPress WP Remote Users Sync Plugin <= 1.2.12 is vulnerable to Server Side Request Forgery (SSRF)
Software WP Remote Users Sync Type Plugin Vulnerable versions = 1.2.12 Fixed in 1.2.13 OWASP Top 10 A1: Broken Access Control Classification Server Side Request Forgery SSRF CVE CVE-2023-3958 Patch priority High CVSS severity High 8.5 Developer Claim ownership PSID 57ad18456846 Credits Lana Codes...