WordPress Plugin Vulnerabilities

Qards - Server Side Request Forgery (SSRF)

Description

Google Dork: inurl:"plugins/qards"

Qards provides you easy option to drag and edit every part and element of your site in the front-end, you will never have to write any code to change the layout or to change any part of the site like the traditional WordPress way.

Proof of Concept

Affects Plugins

Plugin icon
qards
No known fix

References

URL
https://designmodo.com/qards/
URL
https://github.com/brcontainer/html2canvas-php-proxy/issues/27

Classification

Type
SSRF
OWASP top 10
A1: Injection
CWE
CWE-918

Miscellaneous

Submitter
theMiddle
Submitter twitter
Menin_TheMiddle
Verified
No
WPVDB ID
454a0ce3-ecfe-47fc-a282-5caa51370645

Timeline

Publicly Published
2017-10-11 (about 8 years ago)
Added
2017-10-17 (about 8 years ago)
Last Updated
2021-04-23 (about 5 years ago)

Other

Published
Title
Published
2025-11-04
Title
B Carousel Block – Responsive Image and Content Carousel < 1.1.6 - Missing Authorization to Authenticated (Subscriber+) Server-Side Request Forgery
Published
2024-05-16
Title
Cost Calculator Builder Pro < 3.1.73 - Authenticated (Subscriber+) Server-Side Request Forgery
Published
2024-04-16
Title
Really Simple SSL < 8.0.0 - Admin+ Server-Side Request Forgery
Published
2024-05-30
Title
Church Admin < 4.4.0 - Authenticated (Admin+) Server-Side Request Forgery
Published
2024-02-28
Title
Friends < 2.8.6 - Authenticated (Admin+) Blind Server-Side Request Forgery