WordPress Plugin Vulnerabilities

JSmol2WP <= 1.07 - Unauthenticated Server Side Request Forgery (SSRF)

Description

The jsmol2wp WordPress plugin was affected by an Unauthenticated Server Side Request Forgery (SSRF) security vulnerability.

Proof of Concept

Affects Plugins

Plugin icon
jsmol2wp
No known fix

References

CVE
CVE-2018-20463

Classification

Type
SSRF
OWASP top 10
A1: Injection
CWE
CWE-918
CVSS
7.5 (high)

Miscellaneous

Submitter
Ryan Dewhurst
Submitter twitter
ethicalhack3r
Verified
Yes
WPVDB ID
ad01dad9-12ff-404f-8718-9ebbd67bf611

Timeline

Publicly Published
2018-12-25 (about 7 years ago)
Added
2019-01-08 (about 7 years ago)
Last Updated
2020-09-22 (about 5 years ago)

Other

Published
Title
Published
2025-04-24
Title
BeerXML Shortcode < 0.8 - Authenticated (Contributor+) Server-Side Request Forgery
Published
2025-03-19
Title
Order Export & Order Import for WooCommerce < 2.6.1 - Authenticated (Administrator+) Server-Side Request Forgery via validate_file Function
Published
2025-08-14
Title
Simplified <= 1.0.9 - Authenticated (Administrator+) Server-Side Request Forgery
Published
2024-11-27
Title
Asset CleanUp: Page Speed Booster < 1.3.9.9 - Authenticated (Admin+) Server-Side Request Forgery
Published
2024-12-11
Title
Hurrakify < 8.0.1 - Unauthenticated Server-Side Request Forgery