Lucene search
K

6 matches found

NVD
NVD
added 2024/01/15 4:15 p.m.34 views

CVE-2023-6991

The JSM filegetcontents Shortcode WordPress plugin before 2.7.1 does not validate one of its shortcode's parameters before making a request to it, which could allow users with contributor role and above to perform SSRF attacks...

8.8CVSS8.6AI score0.00694EPSS
Exploits2References1
CVE
CVE
added 2024/01/15 3:10 p.m.62 views

CVE-2023-6991

CVE-2023-6991 relates to the WordPress plugin “JSM file_get_contents() Shortcode” (before 2.7.1). The vulnerability arises because one shortcode parameter is not validated before making an outbound request, enabling users with a contributor role or higher to trigger server-side requests (SSRF). A...

8.8CVSS8.6AI score0.00694EPSS
Exploits2References1Affected Software1
Cvelist
Cvelist
added 2024/01/15 3:10 p.m.33 views

CVE-2023-6991 JSM file_get_contents() Shortcode < 2.7.1 - Contributor+ SSRF

The JSM filegetcontents Shortcode WordPress plugin before 2.7.1 does not validate one of its shortcode's parameters before making a request to it, which could allow users with contributor role and above to perform SSRF attacks...

8.8AI score0.00694EPSS
Exploits2References1
Vulnrichment
Vulnrichment
added 2024/01/15 3:10 p.m.20 views

CVE-2023-6991 JSM file_get_contents() Shortcode < 2.7.1 - Contributor+ SSRF

The JSM filegetcontents Shortcode WordPress plugin before 2.7.1 does not validate one of its shortcode's parameters before making a request to it, which could allow users with contributor role and above to perform SSRF attacks...

6.7AI score0.00694EPSS
Exploits2References1
NVD
NVD
added 2024/01/04 7:15 p.m.13 views

CVE-2023-5442

Rejected reason: REJECT DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: CVE-2023-6991. Reason: This candidate is a reservation duplicate of CVE-2023-6991. Notes: All CVE users should reference CVE-2023-43226 instead of this candidate. All references and descriptions in this candidate have been...

8.6AI score
Exploits1
CVE
CVE
added 1976/01/01 12:0 a.m.55 views

CVE-2023-5442

CVE-2023-6991 corresponds to a WordPress plugin vulnerability in JSM file_get_contents() Shortcode (pre-2.7.1). The issue: a shortcode parameter is not validated before the plugin makes an external request, allowing users with the Contributor role and above to trigger SSRF. Affected: WordPress JS...

8.5AI score
Exploits1
Rows per page
Query Builder