5 matches found
CVE-2024-9624
The WP All Import Pro plugin for WordPress is vulnerable to Server-Side Request Forgery in all versions up to, and including, 4.9.3 due to missing SSRF protection on the pmxicurldownload function. This makes it possible for authenticated attackers, with Administrator-level access and above, to ma...
CVE-2024-9624
creationtimestamp| type| source ---|---|--- 2024-12-17 05:31:17+00:00| seen| https://infosec.exchange/users/cve/statuses/113666521617483385 2024-12-17 08:25:17+00:00| seen| https://t.me/cvedetector/13069...
CVE-2024-9624
WP All Import Pro (WordPress) FIXED: SSRF in pmxi_curl_download affects all versions ≤ 4.9.3, exploitable by authenticated (Administrator+) users to issue web requests from the app to arbitrary locations, including internal service endpoints and cloud instance metadata. CVSS 3.1 vector: NETWORK/L...
CVE-2024-9624 WP All Import Pro <= 4.9.3 - Authenticated (Administrator+) Server-Side Request Forgery via File Import
The WP All Import Pro plugin for WordPress is vulnerable to Server-Side Request Forgery in all versions up to, and including, 4.9.3 due to missing SSRF protection on the pmxicurldownload function. This makes it possible for authenticated attackers, with Administrator-level access and above, to ma...
CVE-2024-9624 WP All Import Pro <= 4.9.3 - Authenticated (Administrator+) Server-Side Request Forgery via File Import
The WP All Import Pro plugin for WordPress is vulnerable to Server-Side Request Forgery in all versions up to, and including, 4.9.3 due to missing SSRF protection on the pmxicurldownload function. This makes it possible for authenticated attackers, with Administrator-level access and above, to ma...