6 matches found
WordPress Assistant – Every Day Productivity Apps Plugin < 1.4.4 is vulnerable to Server Side Request Forgery (SSRF)
Software Assistant – Every Day Productivity Apps Type Plugin Vulnerable versions 1.4.4 Fixed in 1.4.4 OWASP Top 10 A3: Injection Classification Server Side Request Forgery SSRF CVE CVE-2023-5798 Patch priority Low CVSS severity Low 5.5 Developer Claim ownership PSID 79c75777c183 Credits Ji Yuchen...
CVE-2023-5798
The Assistant WordPress plugin before 1.4.4 does not validate a parameter before making a request to it via wpremoteget, which could allow users with a role as low as Editor to perform SSRF attacks...
CVE-2023-5798
The Assistant WordPress plugin before 1.4.4 does not validate a parameter before making a request to it via wpremoteget, which could allow users with a role as low as Editor to perform SSRF attacks...
CVE-2023-5798 Assistant < 1.4.4 - Editor+ SSRF
The Assistant WordPress plugin before 1.4.4 does not validate a parameter before making a request to it via wpremoteget, which could allow users with a role as low as Editor to perform SSRF attacks...
CVE-2023-5798 Assistant < 1.4.4 - Editor+ SSRF
The Assistant WordPress plugin before 1.4.4 does not validate a parameter before making a request to it via wpremoteget, which could allow users with a role as low as Editor to perform SSRF attacks...
CVE-2023-5798
CVE-2023-5798 affects the Assistant WordPress plugin prior to 1.4.4. The issue is that a parameter is not validated before making a request via wp_remote_get(), enabling SSRF from users with roles as low as Editor. Impact is SSRF with potential access to internal/external resources; document note...