2 matches found
CVE-2024-13905
The OneStore Sites plugin for WordPress is vulnerable to Server-Side Request Forgery in all versions up to, and including, 0.1.1 via the class-export.php file. This makes it possible for unauthenticated attackers to make web requests to arbitrary locations originating from the web application and...
CVE-2024-13905
The CVE CVE-2024-13905 affects the WordPress OneStore Sites plugin up to version 0.1.1, with the vulnerability exploiting class-export.php to trigger unauthenticated Server-Side Request Forgery (SSRF). This enables an attacker from the web app to issue requests to arbitrary destinations and can b...