wpexploit · Dmitrii Ignatyev · WPEX-ID:D6B1270B-52C0-471D-A5FB-507E21B46310
History: May 10, 2024 - 12:00 a.m.

Migration Backup Restore < 3.5.0 - Admin+ SSRF

2024-05-10 00:00:00
Dmitrii Ignatyev
Tags: security vulnerability, migration, backup, restore, admin+, ssrf, exploit, poc, may 24 2024

AI Score: 9.4 High (Confidence: High)
EPSS: 0.0004 Low (Percentile: 9.1%)

Description: The plugin does not prevent users with the administrator role from conducting SSRF attacks (pinging arbitrary hosts from the server), which may be a problem in multisite configurations.

1. Click on "Upload Backup" and add http://127.0.0.1:XXX/123.wpstg -> "Upload". 

If the port is open, it will return a "Not Found" error to the user. If the port isn't open, it will return nothing.

