6 matches found
WordPress CAS Theme <= 1.0.0 - Server-Side Request Forgery
The CAS WordPress theme through version 1.0.0 is vulnerable to Server-Side Request Forgery SSRF via the 'url' parameter in the getremotedata.php script. This vulnerability allows unauthenticated attackers to make the server perform requests to arbitrary URLs. id: CVE-2024-4399 info: name: WordPre...
CVE-2024-4399
creationtimestamp| type| source ---|---|--- 2025-03-13 03:36:38+00:00| confirmed| https://github.com/projectdiscovery/nuclei-templates/tree/main/http/cves/2024/CVE-2024-4399.yaml 2025-03-13 21:02:08+00:00| seen| https://bsky.app/profile/beikokucyber.bsky.social/post/3lkbyl6zw4a2s...
CVE-2024-4399
The does not validate a parameter before making a request to it, which could allow unauthenticated users to perform SSRF attack...
CVE-2024-4399 CAS <= 1.0.0 - Unauthenticated SSRF
The does not validate a parameter before making a request to it, which could allow unauthenticated users to perform SSRF attack...
CVE-2024-4399 CAS <= 1.0.0 - Unauthenticated SSRF
The does not validate a parameter before making a request to it, which could allow unauthenticated users to perform SSRF attack...
CVE-2024-4399
The WordPress CAS Theme (≤ 1.0.0) is affected by an SSRF vulnerability. The CVE-2024-4399 entry notes an SSRF flaw where a parameter is not validated before making a request, enabling unauthenticated SSRF. Nuclei/Nuclei templates specify SSRF via the get_remote_data.php script with a vulnerable u...