WordPress Plugin Vulnerabilities

Google Forms <= 0.91 - Unauthenticated Server-Side Request Forgery (SSRF)

Description

The Google Forms WordPress plugin was affected by an Unauthenticated Server-Side Request Forgery (SSRF) security vulnerability.

Affects Plugins

Plugin icon
wpgform
Fixed in 0.92

References

URL
https://klikki.fi/adv/wpgform.html
URL
https://plugins.trac.wordpress.org/changeset/1796931/wpgform

Classification

Type
SSRF
OWASP top 10
A1: Injection
CWE
CWE-918

Miscellaneous

Submitter
ethicalhack3r
Submitter twitter
ethicalhack3r
Verified
No
WPVDB ID
33e54044-f09c-4a0e-91d7-33c4d692b2c7

Timeline

Publicly Published
2018-01-20 (about 8 years ago)
Added
2018-01-22 (about 8 years ago)
Last Updated
2019-11-01 (about 6 years ago)

Other

Published
Title
Published
2025-02-14
Title
Stream < 4.1.0 - Authenticated (Admin+) Server-Side Request Forgery
Published
2025-03-04
Title
Downloable by American Osteopathic Association <= 0.1.0 - Unauthenticated SSRF
Published
2025-04-24
Title
ShopLentor – WooCommerce Builder for Elementor & Gutenberg +20 Modules – All in One Solution (formerly WooLentor) < 3.1.3 - Unauthenticated Server-Side Request Forgery via URL Parameter
Published
2026-03-10
Title
Performance Monitor <= 1.0.6 - Unauthenticated Blind SSRF
Published
2025-06-19
Title
WPThumb <= 0.10 - Authenticated (Contributor+) Server-Side Request Forgery