Lucene search

WpvulndbWPVDB-ID:F00C1FE1-513C-4B11-B706-A73D0123A17F

HistoryJun 05, 2024 - 12:00 a.m.

Blocksy Companion < 2.0.43 - Authenticated (Admin+) Server-Side Request Forgery

2024-06-0500:00:00

wpscan.com

wordpress

server-side request forgery

authenticated attackers

administrator-level access

CVSS3

4.4

Attack Vector

NETWORK

Attack Complexity

HIGH

Privileges Required

HIGH

User Interaction

NONE

Scope

CHANGED

Confidentiality Impact

LOW

Integrity Impact

LOW

Availability Impact

NONE

CVSS:3.1/AV:N/AC:H/PR:H/UI:N/S:C/C:L/I:L/A:N

AI Score

9.2

Confidence

High

EPSS

Percentile

9.0%

JSON

Description The Blocksy Companion plugin for WordPress is vulnerable to Server-Side Request Forgery in all versions up to, and including, 2.0.42. This makes it possible for authenticated attackers, with Administrator-level access and above, to make web requests to arbitrary locations originating from the web application which can be used to query and modify information from internal services.

References

www.wordfence.com/threat-intel/vulnerabilities/id/a4a885e0-84fb-4f5a-8ef5-6a0a8108d26f

CVSS3

4.4

Attack Vector

NETWORK

Attack Complexity

HIGH

Privileges Required

HIGH

User Interaction

NONE

Scope

CHANGED

Confidentiality Impact

LOW

Integrity Impact

LOW

Availability Impact

NONE

CVSS:3.1/AV:N/AC:H/PR:H/UI:N/S:C/C:L/I:L/A:N

AI Score

9.2

Confidence

High

EPSS

Percentile

9.0%

JSON

Related for WPVDB-ID:F00C1FE1-513C-4B11-B706-A73D0123A17F