wpvulndb | Dmitrii Ignatyev | WPVDB-ID: 0B92BECB-8A47-48FD-82E8-F7641CF5C9BC
History: Dec 21, 2023 - 12:00 a.m.

JSM file_get_contents() Shortcode < 2.7.1 - Contributor+ SSRF

wpscan.com
Tags: wordpress, plugin, ssrf, contributor, validation, poc

AI Score: 6.5
Confidence: High
EPSS: 0.001
Percentile: 19.3%

Description

The plugin does not validate one of its shortcode's parameters before making a request to the URL it contains, which could allow users with the contributor role and above to perform SSRF attacks.

PoC

[wpfgc url="http://127.0.0.1:8084"]
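
An audit sketch for the issue described above, added here as an example and not taken from the plugin or from WPScan: it scans post bodies for the wpfgc shortcode and flags url values that are not plain http(s) or that point at a non-public address. The function names and sample posts are constructed; host names are not resolved here, so a name that resolves to an internal address must still be checked when the request is made.

```python
import ipaddress
import re
import socket
from urllib.parse import urlsplit

# [wpfgc ...] shortcode and its url attribute (straight or typographic quotes).
SHORTCODE_RE = re.compile(r"\[wpfgc\b([^\]]*)\]", re.IGNORECASE)
URL_ATTR_RE = re.compile(r"\burl\s*=\s*[\"'“”‘’]?([^\"'“”‘’\s\]]+)", re.IGNORECASE)


def literal_ip(host):
    """Return an ip_address when host is an IP literal, else None."""
    for parse in (str, socket.inet_aton):  # inet_aton: shorthand IPv4 literals
        try:
            return ipaddress.ip_address(parse(host))
        except (OSError, ValueError):
            continue
    return None


def classify_url(url):
    """Return why a url value needs review, or None if it looks public."""
    try:
        parts = urlsplit(url.strip())
        host = (parts.hostname or "").rstrip(".").lower()
    except ValueError:
        return "unparseable URL"
    if parts.scheme.lower() not in ("http", "https"):
        return "scheme is not http/https"
    if not host or host == "localhost":
        return "missing or internal host name"
    ip = literal_ip(host)
    if ip is not None and not ip.is_global:
        return "non-public address " + str(ip)
    return None  # DNS names still need resolving and re-checking at fetch time


def audit_posts(posts):
    """Return [(post_id, url, reason)] for wpfgc shortcodes that need review."""
    urls = ((pid, url) for pid, body in posts.items()
            for attrs in SHORTCODE_RE.findall(body)
            for url in URL_ATTR_RE.findall(attrs))
    return [(pid, url, classify_url(url)) for pid, url in urls if classify_url(url)]


SAMPLE_POSTS = {  # constructed sample post bodies keyed by post ID
    101: 'Intro [wpfgc url="https://example.com/feed.txt"] outro',
    102: "Draft [wpfgc url=“http://127.0.0.1:8084”]",
    103: '[wpfgc url="http://10.0.0.5/status"]',
}
```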
