3 matches found
CVE-2024-2663
CVE-2024-2663 : ZD YouTube FLV Player plugin for WordPress is affected. All versions up to 1.2.6 are vulnerable to Server-Side Request Forgery via the $_GET['image'] parameter. This SSRF allows unauthenticated attackers to issue web requests from the vulnerable web application to arbitrary destin...
CVE-2024-2663 ZD YouTube FLV Player <= 1.2.6 - Server-Side Request Forgery
The ZD YouTube FLV Player plugin for WordPress is vulnerable to Server-Side Request Forgery in all versions up to, and including, 1.2.6 via the $GET'image' parameter. This makes it possible for unauthenticated attackers to make web requests to arbitrary locations originating from the web...
WordPress ZD YouTube FLV Player Plugin <= 1.2.6 is vulnerable to Server Side Request Forgery (SSRF)
Software ZD YouTube FLV Player Type Plugin Vulnerable versions = 1.2.6 Fixed in N/A OWASP Top 10 A1: Injection Classification Server Side Request Forgery SSRF CVE CVE-2024-2663 Patch priority Medium CVSS severity Medium 7.2 Developer Claim ownership PSID 49305c6b35a4 Credits Mike Required privile...