Medium severity5.0NVD Advisory· Published Apr 10, 2024· Updated Apr 15, 2026
CVE-2024-3448
CVE-2024-3448
Description
Users with low privileges can perform certain AJAX actions. In this vulnerability instance, improper access to ajax?action=plugin:focus:checkIframeAvailability leads to a Server-Side Request Forgery by analyzing the error messages returned from the back-end. Allowing an attacker to perform a port scan in the back-end. At the time of publication of the CVE no patch is available.
AI Insight
LLM-synthesized narrative grounded in this CVE's description and references.
Patches
Vulnerability mechanics
References
1News mentions
0No linked articles in our index yet.