The JSM file_get_contents() Shortcode WordPress plugin before 2.7.1 does not validate one of its shortcode's parameters before making a request to it, which could allow users with contributor role and above to perform SSRF attacks.
Metrics
Affected Vendors & Products
References
History
Wed, 23 Oct 2024 16:15:00 +0000
Type | Values Removed | Values Added |
---|---|---|
Metrics |
ssvc
|
MITRE
Status: PUBLISHED
Assigner: WPScan
Published: 2024-01-15T15:10:41.733Z
Updated: 2024-10-23T15:31:18.084Z
Reserved: 2023-12-20T10:11:55.989Z
Link: CVE-2023-6991
Vulnrichment
Updated: 2024-08-02T08:50:06.847Z
NVD
Status : Modified
Published: 2024-01-15T16:15:12.743
Modified: 2024-11-21T08:44:59.343
Link: CVE-2023-6991
Redhat
No data.