Lucene search
+L

4 matches found

NVD
NVD
added 2025/01/24 2:15 p.m.13 views

CVE-2024-11913

The Activity Plus Reloaded for BuddyPress plugin for WordPress is vulnerable to Blind Server-Side Request Forgery in all versions up to, and including, 1.1.1 via the 'ajaxpreviewlink' function. This makes it possible for authenticated attackers, with Subscriber-level access and above, to make web...

5.4CVSS0.00231EPSS
Exploits0References2
CVE
CVE
added 2025/01/24 1:40 p.m.47 views

CVE-2024-11913

CVE-2024-11913 affects the WordPress plugin Activity Plus Reloaded for BuddyPress, with Blind SSRF via ajax_preview_link in all versions up to 1.1.1. Reported by Wordfence; authenticated attackers with Subscriber+ can induce web requests from the app to internal or arbitrary locations, potentiall...

5.4CVSS5.3AI score0.00231EPSS
Exploits0References2Affected Software1
Cvelist
Cvelist
added 2025/01/24 1:40 p.m.15 views

CVE-2024-11913 Activity Plus Reloaded for BuddyPress <= 1.1.1 - Authenticated (Subscriber+) Blind Server-Side Request Forgery

The Activity Plus Reloaded for BuddyPress plugin for WordPress is vulnerable to Blind Server-Side Request Forgery in all versions up to, and including, 1.1.1 via the 'ajaxpreviewlink' function. This makes it possible for authenticated attackers, with Subscriber-level access and above, to make web...

5.4CVSS0.00231EPSS
Exploits0References2
Vulnrichment
Vulnrichment
added 2025/01/24 1:40 p.m.6 views

CVE-2024-11913 Activity Plus Reloaded for BuddyPress <= 1.1.1 - Authenticated (Subscriber+) Blind Server-Side Request Forgery

The Activity Plus Reloaded for BuddyPress plugin for WordPress is vulnerable to Blind Server-Side Request Forgery in all versions up to, and including, 1.1.1 via the 'ajaxpreviewlink' function. This makes it possible for authenticated attackers, with Subscriber-level access and above, to make web...

5.4CVSS6.3AI score0.00231EPSS
Exploits0References2
Rows per page
Query Builder