Lucene search
K

5 matches found

NVD
NVD
added 2024/12/17 6:15 a.m.27 views

CVE-2024-9624

The WP All Import Pro plugin for WordPress is vulnerable to Server-Side Request Forgery in all versions up to, and including, 4.9.3 due to missing SSRF protection on the pmxicurldownload function. This makes it possible for authenticated attackers, with Administrator-level access and above, to ma...

7.6CVSS0.0042EPSS
Exploits0References2
Circl
Circl
added 2024/12/17 5:31 a.m.8 views

CVE-2024-9624

creationtimestamp| type| source ---|---|--- 2024-12-17 05:31:17+00:00| seen| https://infosec.exchange/users/cve/statuses/113666521617483385 2024-12-17 08:25:17+00:00| seen| https://t.me/cvedetector/13069...

7.6CVSS8.7AI score0.0042EPSS
Exploits0References2
CVE
CVE
added 2024/12/17 5:23 a.m.62 views

CVE-2024-9624

WP All Import Pro (WordPress) FIXED: SSRF in pmxi_curl_download affects all versions ≤ 4.9.3, exploitable by authenticated (Administrator+) users to issue web requests from the app to arbitrary locations, including internal service endpoints and cloud instance metadata. CVSS 3.1 vector: NETWORK/L...

7.6CVSS7.2AI score0.0042EPSS
Exploits0References2
Cvelist
Cvelist
added 2024/12/17 5:23 a.m.30 views

CVE-2024-9624 WP All Import Pro <= 4.9.3 - Authenticated (Administrator+) Server-Side Request Forgery via File Import

The WP All Import Pro plugin for WordPress is vulnerable to Server-Side Request Forgery in all versions up to, and including, 4.9.3 due to missing SSRF protection on the pmxicurldownload function. This makes it possible for authenticated attackers, with Administrator-level access and above, to ma...

7.6CVSS0.0042EPSS
Exploits0References2
Vulnrichment
Vulnrichment
added 2024/12/17 5:23 a.m.8 views

CVE-2024-9624 WP All Import Pro <= 4.9.3 - Authenticated (Administrator+) Server-Side Request Forgery via File Import

The WP All Import Pro plugin for WordPress is vulnerable to Server-Side Request Forgery in all versions up to, and including, 4.9.3 due to missing SSRF protection on the pmxicurldownload function. This makes it possible for authenticated attackers, with Administrator-level access and above, to ma...

7.6CVSS6.7AI score0.0042EPSS
Exploits0References2
Rows per page
Query Builder