6 matches found
CVE-2023-6991
The JSM filegetcontents Shortcode WordPress plugin before 2.7.1 does not validate one of its shortcode's parameters before making a request to it, which could allow users with contributor role and above to perform SSRF attacks...
CVE-2023-6991
CVE-2023-6991 relates to the WordPress plugin “JSM file_get_contents() Shortcode” (before 2.7.1). The vulnerability arises because one shortcode parameter is not validated before making an outbound request, enabling users with a contributor role or higher to trigger server-side requests (SSRF). A...
CVE-2023-6991 JSM file_get_contents() Shortcode < 2.7.1 - Contributor+ SSRF
The JSM filegetcontents Shortcode WordPress plugin before 2.7.1 does not validate one of its shortcode's parameters before making a request to it, which could allow users with contributor role and above to perform SSRF attacks...
CVE-2023-6991 JSM file_get_contents() Shortcode < 2.7.1 - Contributor+ SSRF
The JSM filegetcontents Shortcode WordPress plugin before 2.7.1 does not validate one of its shortcode's parameters before making a request to it, which could allow users with contributor role and above to perform SSRF attacks...
CVE-2023-5442
Rejected reason: REJECT DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: CVE-2023-6991. Reason: This candidate is a reservation duplicate of CVE-2023-6991. Notes: All CVE users should reference CVE-2023-43226 instead of this candidate. All references and descriptions in this candidate have been...
CVE-2023-5442
CVE-2023-6991 corresponds to a WordPress plugin vulnerability in JSM file_get_contents() Shortcode (pre-2.7.1). The issue: a shortcode parameter is not validated before the plugin makes an external request, allowing users with the Contributor role and above to trigger SSRF. Affected: WordPress JS...