Medium severity5.3NVD Advisory· Published Nov 30, 2020· Updated Jun 17, 2026
CVE-2020-28976
CVE-2020-28976
Description
The Canto plugin 1.3.0 for WordPress contains a blind SSRF vulnerability. It allows an unauthenticated attacker can make a request to any internal and external server via /includes/lib/detail.php?subdomain=SSRF.
AI Insight
LLM-synthesized narrative grounded in this CVE's description and references.
Affected products
3- WordPress/Cantodescription
- Range: =1.3.0
Patches
Vulnerability mechanics
References
4- packetstormsecurity.com/files/160358/WordPress-Canto-1.3.0-Server-Side-Request-Forgery.htmlnvdThird Party AdvisoryVDB Entry
- gist.github.com/p4nk4jv/87aebd999ce4b28063943480e95fd9e0nvdThird Party Advisory
- wordpress.org/plugins/canto/nvdRelease Notes
- www.canto.com/integrations/wordpress/nvdProduct
News mentions
0No linked articles in our index yet.