5 matches found
Assistant < 1.4.4 - Editor+ SSRF
Description: The plugin does not validate a parameter before making a request to it via wp_remote_get, which could allow users with a role as low as Editor to perform SSRF attacks.
PoC: As an Editor or above, open http://example.com/index.php?flasstimageproxy=https://127.0.0.1...
CVE-2023-1938
The WP Fastest Cache WordPress plugin before 1.1.5 does not have a CSRF check in an AJAX action, and does not validate user input before using it in the wp_remote_get function, leading to a Blind SSRF issue...
Server-side request forgery (SSRF)
The WP Fastest Cache WordPress plugin before 1.1.5 does not have a CSRF check in an AJAX action, and does not validate user input before using it in the wp_remote_get function, leading to a Blind SSRF issue...
CVE-2023-1938
CVE-2023-1938 affects the WordPress plugin WP Fastest Cache up to version 1.1.5. The flaw allows Blind SSRF via an AJAX action because there is no CSRF check and user input is not validated before use in wp_remote_get(). Exploitation details are not provided in the initial documents; the CVSS bas...
CVE-2023-1938 WP Fastest Cache < 1.1.5 - Blind SSRF via CSRF
The WP Fastest Cache WordPress plugin before 1.1.5 does not have a CSRF check in an AJAX action, and does not validate user input before using it in the wp_remote_get function, leading to a Blind SSRF issue...