Server-side Request Forgery (SSRF)

2024-01-3106:30:50

Veracode Vulnerability Database

sca.analysiscenter.veracode.com

server-side request forgery

tablepress plugin

insufficient filtering} .

CVSS3

4.9

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

HIGH

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

NONE

Availability Impact

NONE

CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:N/A:N

AI Score

6.8

Confidence

High

EPSS

0.001

Percentile

18.1%

JSON

tobiasbg/tablepress is vulnerable to Server-side Request Forgery (SSRF). The vulnerability is due to insufficient filtering of user-supplied URLs during table imports. This vulnerability allows an attacker to make unauthorized network requests which potentially leads to Server-Side Request Forgery.