The OnAir2 WordPress theme before 3.9.9.2 and QT KenthaRadio WordPress plugin before 2.0.2 have exposed proxy functionality to unauthenticated users, sending requests to this proxy functionality will have the web server fetch and display the content from any URI, this would allow for SSRF (Server Side Request Forgery) and RFI (Remote File Inclusion) vulnerabilities on the website.
Metrics
Affected Vendors & Products
References
History
No history.
MITRE
Status: PUBLISHED
Assigner: WPScan
Published: 2021-08-02T10:32:13
Updated: 2024-08-03T19:35:19.857Z
Reserved: 2021-01-14T00:00:00
Link: CVE-2021-24472
Vulnrichment
No data.
NVD
Status : Modified
Published: 2021-08-02T11:15:10.127
Modified: 2024-11-21T05:53:08.193
Link: CVE-2021-24472
Redhat
No data.