4 matches found
CVE-2024-1978
The Friends plugin for WordPress is vulnerable to Server-Side Request Forgery in all versions up to, and including, 2.8.5 via the discoveravailablefeeds function. This makes it possible for authenticated attackers, with administrator-level access and above, to make web requests to arbitrary...
CVE-2024-1978 Friends <= 2.8.5 - Authenticated (Admin+) Blind Server-Side Request Forgery
The Friends plugin for WordPress is vulnerable to Server-Side Request Forgery in all versions up to, and including, 2.8.5 via the discoveravailablefeeds function. This makes it possible for authenticated attackers, with administrator-level access and above, to make web requests to arbitrary...
CVE-2024-1978
CVE-2024-1978 concerns the WordPress Friends plugin (versions
WordPress Friends Plugin <= 2.8.5 is vulnerable to Server Side Request Forgery (SSRF)
Software Friends Type Plugin Vulnerable versions = 2.8.5 Fixed in 2.8.6 OWASP Top 10 A1: Injection Classification Server Side Request Forgery SSRF CVE CVE-2024-1978 Patch priority Low CVSS severity Low 5.5 Developer Claim ownership PSID c75d983a4b44 Credits Francisco Gutierrez Required privilege...