WordPress Plugin Vulnerabilities
JSM file_get_contents() Shortcode < 2.7.1 - Contributor+ SSRF
Description
The plugin does not validate one of its shortcode's parameters before making a request to it, which could allow users with the contributor role and above to perform SSRF attacks.
Proof of Concept
[wpfgc url="http://127.0.0.1:8084"]
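One way to validate a user-supplied URL before fetching it, shown as an added example: this is not the plugin's code or its 2.7.1 fix, and the function names `fgc_is_public_url` and `fgc_fetch` are hypothetical. Inside WordPress, `wp_safe_remote_get()` applies comparable URL checks.

```php
<?php
// Added example: hypothetical helpers, not the plugin's code or its fix.

/** True only for http(s) URLs whose host maps solely to public IP addresses. */
function fgc_is_public_url(string $url): bool
{
    $parts = parse_url($url);
    if ($parts === false || empty($parts['host'])) {
        return false;
    }
    // Scheme allow-list: rejects file://, ftp:// and other stream wrappers.
    if (!in_array(strtolower($parts['scheme'] ?? ''), ['http', 'https'], true)) {
        return false;
    }
    $host = trim($parts['host'], '[]'); // parse_url keeps brackets on IPv6 literals
    // IP literal: check it directly. Hostname: check every A record it resolves to
    // (gethostbynamel() is IPv4-only; a production check must also cover AAAA).
    $ips = filter_var($host, FILTER_VALIDATE_IP) ? [$host] : (gethostbynamel($host) ?: []);
    if ($ips === []) {
        return false;
    }
    foreach ($ips as $ip) {
        // Rejects private ranges plus loopback, link-local and other reserved ranges.
        $flags = FILTER_FLAG_NO_PRIV_RANGE | FILTER_FLAG_NO_RES_RANGE;
        if (filter_var($ip, FILTER_VALIDATE_IP, $flags) === false) {
            return false;
        }
    }
    return true;
}

/** Fetch a URL only after validation; returns the body, or false when refused. */
function fgc_fetch(string $url)
{
    if (!fgc_is_public_url($url)) {
        return false;
    }
    // Redirects are not followed, since a public URL may redirect to an internal one.
    // Residual risk: DNS can change between the check above and this request.
    $ctx = stream_context_create(['http' => ['follow_location' => 0, 'timeout' => 5]]);
    return file_get_contents($url, false, $ctx);
}

// Constructed inputs (IP literals, so the check itself runs offline);
// the first is the URL from the proof of concept above.
foreach (['http://127.0.0.1:8084', 'http://[::1]/', 'http://192.168.1.10/',
          'ftp://203.0.113.10/', 'https://203.0.113.10/'] as $u) {
    printf("%-24s %s\n", $u, fgc_is_public_url($u) ? 'allowed' : 'refused');
}
```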
Classification
Type
SSRF
Miscellaneous
Original Researcher
Dmitrii Ignatyev
Submitter
Dmitrii Ignatyev
Verified
Yes
Timeline
Publicly Published
2023-12-21
Added
2023-12-21
Last Updated
2023-12-21