Lucene search
K

4 matches found

NVD
NVD
added 2024/02/29 7:15 a.m.10 views

CVE-2024-1978

The Friends plugin for WordPress is vulnerable to Server-Side Request Forgery in all versions up to, and including, 2.8.5 via the discoveravailablefeeds function. This makes it possible for authenticated attackers, with administrator-level access and above, to make web requests to arbitrary...

5.5CVSS5.3AI score0.00459EPSS
Exploits0References3
Cvelist
Cvelist
added 2024/02/29 6:47 a.m.20 views

CVE-2024-1978 Friends <= 2.8.5 - Authenticated (Admin+) Blind Server-Side Request Forgery

The Friends plugin for WordPress is vulnerable to Server-Side Request Forgery in all versions up to, and including, 2.8.5 via the discoveravailablefeeds function. This makes it possible for authenticated attackers, with administrator-level access and above, to make web requests to arbitrary...

5.5CVSS5.5AI score0.00459EPSS
Exploits0References3
CVE
CVE
added 2024/02/29 6:47 a.m.88 views

CVE-2024-1978

CVE-2024-1978 concerns the WordPress Friends plugin (versions

5.5CVSS6.2AI score0.00459EPSS
Exploits0References3Affected Software1
Patchstack
Patchstack
added 2024/02/29 12:0 a.m.12 views

WordPress Friends Plugin <= 2.8.5 is vulnerable to Server Side Request Forgery (SSRF)

Software Friends Type Plugin Vulnerable versions = 2.8.5 Fixed in 2.8.6 OWASP Top 10 A1: Injection Classification Server Side Request Forgery SSRF CVE CVE-2024-1978 Patch priority Low CVSS severity Low 5.5 Developer Claim ownership PSID c75d983a4b44 Credits Francisco Gutierrez Required privilege...

5.5CVSS6.9AI score0.00459EPSS
Exploits0References3Affected Software1
Rows per page
Query Builder