Podcast Importer SecondLine < 1.1.5 – Server-Side Request Forgery (SSRF) | CVE 2020-24149

Affects Plugins

podcast-importer-secondline

Fixed in 1.1.5

References

CVE

CVE-2020-24149

URL

https://github.com/secwx/research/blob/main/cve/CVE-2020-24149.md

Classification

Type

SSRF

OWASP top 10

A1: Injection

CWE

CWE-918

CVSS

4.7 (medium)

Miscellaneous

Original Researcher

Suzhou Aurora Infinity Information Technology Co., Ltd.

Verified

No

WPVDB ID

f63667f3-0314-46bc-a85e-fa25cf372ff4

Timeline

Publicly Published

2021-04-13 (about 5 years ago)

Added

2021-07-09 (about 4 years ago)

Last Updated

2022-02-06 (about 4 years ago)

Other

Published

Title

Published

2024-11-01

Title

Magical Addons For Elementor < 1.2.3 - Authenticated (Subscriber+) Server-Side Request Forgery

Published

2025-08-14

Title

Quttera Web Malware Scanner < 3.5.2.1 - Authenticated (Administrator+) Server-Side Request Forgery

Published

2021-02-27

Title

Under Construction, Coming Soon & Maintenance Mode < 1.1.2 - Server Side Request Forgery (SSRF)

Published

2025-12-18

Title

HTML5 Audio Player – The Ultimate No-Code Podcast, MP3 & Audio Player 2.4.0 - 2.5.1 - Unauthenticated Server-Side Request Forgery

Published

2026-01-23

Title

Frontis Blocks < 1.1.7 - Unauthenticated Server-Side Request Forgery via 'url' Parameter