WordPress Plugin Vulnerabilities

Dropbox Folder Share <= 1.9.7 - Unauthenticated Server-Side Request Forgery via 'link'

Description

The Dropbox Folder Share plugin plugin was affected by an Unauthenticated Server-Side Request Forgery (SSRF) security vulnerability.

Affects Plugins

Plugin icon
dropbox-folder-share
No known fix

References

CVE
CVE-2023-3025

Classification

Type
SSRF
OWASP top 10
A1: Injection
CWE
CWE-918
CVSS
7.2 (high)

Miscellaneous

Original Researcher
Alex Thomas
Verified
No
WPVDB ID
5a7facd4-585f-456d-bd34-991189e75e6d

Timeline

Publicly Published
2023-09-15 (about 2 years ago)
Added
2023-09-18 (about 2 years ago)
Last Updated
2023-09-18 (about 2 years ago)

Other

Published
Title
Published
2025-08-27
Title
Solace Extra < 1.3.3 - Authenticated (Admin+) Server-Side Request Forgery
Published
2025-10-14
Title
Task Scheduler <= 1.6.3 - Authenticated (Admin+) Blind Server-Side Request Forgery
Published
2024-01-31
Title
TablePress < 2.2.5 - Authenticated(Author+) Server Side Request Forgery(SSRF) via _get_import_files
Published
2024-07-10
Title
BerqWP < 1.7.6 - Unauthenticated Server-Side Request Forgery
Published
2025-12-13
Title
Prime Slider – Addons For Elementor < 4.1.0 - Authenticated (Subscriber+) Server-Side Request Forgery