Unrated severityNVD Advisory· Published Aug 2, 2021· Updated Aug 3, 2024

Onair2 < 3.9.9.2 & KenthaRadio < 2.0.2 - Unauthenticated RFI and SSRF

CVE-2021-24472

Description

The OnAir2 WordPress theme before 3.9.9.2 and QT KenthaRadio WordPress plugin before 2.0.2 have exposed proxy functionality to unauthenticated users, sending requests to this proxy functionality will have the web server fetch and display the content from any URI, this would allow for SSRF (Server Side Request Forgery) and RFI (Remote File Inclusion) vulnerabilities on the website.

Affected products

Qantumthemes/Qt Kentharadiov5
Range: 2.0.2

Patches

No patches discovered yet.

Vulnerability mechanics

AI mechanics synthesis has not run for this CVE yet.

References

wpscan.com/vulnerability/17591ac5-88fa-4cae-a61a-4dcf5dc0b72amitrex_refsource_MISC

News mentions

No linked articles in our index yet.

cvss	0.000
epss	0.072
exploit	0.000
kev	0.000
patch	0.000
ransomware	0.000