WordPress Friends plugin code issue vulnerability

WordPress Friends plugin is a plugin for social interaction. WordPress Friends plugin has a code issue vulnerability that stems from improper deserialization of the queryvars parameter, which can be exploited by an attacker to cause code execution...

WordPress plugin Friends 代码问题漏洞

WordPress Friends plugin is a plugin for social interaction. WordPress Friends plugin has a code issue vulnerability that stems from improper deserialization of the queryvars parameter, which can be exploited by an attacker to cause code execution...

CVE-2024-1978

The Friends plugin for WordPress is vulnerable to Server-Side Request Forgery in all versions up to, and including, 2.8.5 via the discoveravailablefeeds function. This makes it possible for authenticated attackers, with administrator-level access and above, to make web requests to arbitrary...

WordPress Friends Plugin <= 2.8.5 is vulnerable to Server Side Request Forgery (SSRF)

Software Friends Type Plugin Vulnerable versions = 2.8.5 Fixed in 2.8.6 OWASP Top 10 A1: Injection Classification Server Side Request Forgery SSRF CVE CVE-2024-1978 Patch priority Low CVSS severity Low 5.5 Developer Claim ownership PSID c75d983a4b44 Credits Francisco Gutierrez Required privilege...