Lucene search
K
Database
Vendors
Products
Years
CVSS
Scanner
Agent Scanning
API Scanning
Manual Audit
Perimeter Scanner
Scanning
Projects
Email
Webhook
Plugins
Resources
Documents
Blog
Glossary
FAQ
Pricing
Contacts
About Us
Partners
Branding Guideline
wpvulndbWpvulndbWPVDB-ID:4977ABCE-12C7-4EF4-9BDD-B76E42E78F23
HistoryJun 06, 2023 - 12:00 a.m.

Getwid < 1.8.4 - Subscriber+ SSRF

2023-06-0600:00:00
wpscan.com
7
getwid plugin
ssrf
subscriber
rest api
vulnerability
poc

0.001 Low

EPSS

Percentile

45.6%

JSON

The plugin does not validate a parameter via the get_remote_content REST API endpoint before making a request to it, which could allow any authenticated users, such as subscriber to perform SSRF attack. Note: We do not consider flushing of cache to be a security issue, therefore CVE-2023-1910 has not been added.

PoC

https://example.com/?rest_route=/getwid/v1/get_remote_content&amp;get;_content_url=http://127.0.0.1/

CPENameOperatorVersion
getwidlt1.8.4

Related

wpexploit 1
wordfence 2
packetstorm 1
prion 2
cvelist 2
cve 2
nvd 2
wpexploit
wpexploit
Getwid < 1.8.4 - Subscriber+ SSRF
2023-06-06 00:00:00
wordfence
wordfence
Credential-Stealing Server Side Request Forgery Patched in Getwid
2023-06-06 13:00:43
Wordfence Intelligence Weekly WordPress Vulnerability Report (June 5, 2023 to June 11, 2023)
2023-06-15 13:04:14
packetstorm
packetstorm
WordPress Getwid Gutenberg Blocks 1.8.3 Improper Authorization / SSRF
2023-06-06 00:00:00
prion
prion
Design/Logic Flaw
2023-06-09 06:15:00
Server side request forgery (ssrf)
2023-06-09 06:15:00
cvelist
cvelist
CVE-2023-1910
2023-06-09 05:33:20
CVE-2023-1895
2023-06-09 05:33:38
cve
cve
CVE-2023-1910
2023-06-09 06:15:59
CVE-2023-1895
2023-06-09 06:15:58
nvd
nvd
CVE-2023-1910
2023-06-09 06:15:59
CVE-2023-1895
2023-06-09 06:15:58

0.001 Low

EPSS

Percentile

45.6%

JSON
Related for WPVDB-ID:4977ABCE-12C7-4EF4-9BDD-B76E42E78F23
wpexploit1wordfence2packetstorm1prion2cvelist2cve2nvd2