CWE-918

The TableMaster for Elementor plugin for WordPress is vulnerable to Server-Side Request Forgery in all versions up to, and including, 1.3.6. This is due to the plugin not restricting which URLs can be fetched when importing CSV data from a URL in the Data Table widget. This makes it possible for authenticated attackers, with Author-level access and above, to make web requests to arbitrary locations, including localhost and internal network services, and read sensitive files such as wp-config.php via the 'csv_url' parameter.

The Frontis Blocks plugin for WordPress is vulnerable to Server-Side Request Forgery in all versions up to, and including, 1.1.6. This is due to insufficient restriction on the 'url' parameter in the 'template_proxy' function. This makes it possible for unauthenticated attackers to make web requests to arbitrary locations originating from the web application via the '/template-proxy/' and '/proxy-image/' endpoint.

Server-Side Request Forgery (SSRF) vulnerability in WP Messiah Frontis Blocks frontis-blocks allows Server Side Request Forgery.This issue affects Frontis Blocks: from n/a through <= 1.1.5.

The GetContentFromURL plugin for WordPress is vulnerable to Server-Side Request Forgery in all versions up to, and including, 1.0. This is due to the plugin using wp_remote_get() instead of wp_safe_remote_get() to fetch content from a user-supplied URL in the 'url' parameter of the [gcfu] shortcode. This makes it possible for authenticated attackers, with Contributor-level access and above, to make web requests to arbitrary locations originating from the web application and can be used to query and modify information from internal services.

A vulnerability was determined in FeehiCMS up to 2.1.1. Impacted is an unknown function of the file frontend/web/timthumb.php of the component TimThumb. Executing manipulation of the argument src can lead to server-side request forgery. The attack can be launched remotely. The exploit has been publicly disclosed and may be utilized. The vendor was contacted early about this disclosure but did not respond in any way.

The HTML5 Audio Player – The Ultimate No-Code Podcast, MP3 & Audio Player plugin for WordPress is vulnerable to Server-Side Request Forgery in all versions from 2.4.0 up to, and including, 2.5.1 via the getIcyMetadata() function. This makes it possible for unauthenticated attackers to make web requests to arbitrary locations originating from the web application and can be used to query and modify information from internal services.

A security flaw has been discovered in moxi159753 Mogu Blog v2 up to 5.2. Impacted is the function LocalFileServiceImpl.uploadPictureByUrl of the file /file/uploadPicsByUrl. The manipulation results in server-side request forgery. The attack can be launched remotely. The exploit has been released to the public and may be exploited. The vendor was contacted early about this disclosure but did not respond in any way.

A vulnerability was identified in NucleoidAI Nucleoid up to 0.7.10. The impacted element is the function extension.apply of the file /src/cluster.ts of the component Outbound Request Handler. Such manipulation of the argument https/ip/port/path/headers leads to server-side request forgery. The attack may be performed from remote.

A security flaw has been discovered in Tencent WeKnora 0.1.0. This impacts the function testEmbeddingModel of the file /api/v1/initialization/embedding/test. The manipulation of the argument baseUrl results in server-side request forgery. The attack can be launched remotely. The exploit has been released to the public and may be exploited. It is advisable to upgrade the affected component. The vendor responds: "We have confirmed that the issue mentioned in the report does not exist in the latest releases".

A vulnerability was detected in Shanghai Lingdang Information Technology Lingdang CRM up to 8.6.5.4. This affects an unknown function of the file crm/WeiXinApp/dingtalk/index_event.php. The manipulation of the argument corpurl results in server-side request forgery. The attack can be launched remotely. The exploit is now public and may be used. The vendor was contacted early about this disclosure but did not respond in any way.

Server-Side Request Forgery (SSRF) vulnerability in FWDesign Ultimate Video Player fwduvp allows Server Side Request Forgery.This issue affects Ultimate Video Player: from n/a through <= 10.1.

The Events Calendar, Event Booking, Registrations and Event Tickets – Eventin plugin for WordPress is vulnerable to Server-Side Request Forgery in all versions up to, and including, 4.0.37 via the proxy_image function. This makes it possible for unauthenticated attackers to make web requests to arbitrary locations originating from the web application and can be used to query and modify information from internal services.

Server-side request forgery (SSRF) vulnerability exists n multiple versions of Nimesa Backup and Recovery, If this vulnerability is exploited, unintended requests may be sent to internal servers.

Server-Side Request Forgery (SSRF) vulnerability in TeconceTheme Allmart allmart-core allows Server Side Request Forgery.This issue affects Allmart: from n/a through <= 1.0.0.

The Versa Director SD-WAN orchestration platform includes a Webhook feature for sending notifications to external HTTP endpoints. However, the "Add Webhook" and "Test Webhook" functionalities can be abused by an authenticated user to send crafted HTTP requests to localhost. This can be leveraged to execute commands on behalf of the versa user, who has sudo privileges, potentially leading to privilege escalation or remote code execution. Exploitation Status: Versa Networks is not aware of any reported instance where this vulnerability was exploited. Proof of concept for this vulnerability has been disclosed by third party security researchers. Workarounds or Mitigation: There are no workarounds to disable the GUI option. Versa recommends that Director be upgraded to one of the remediated software versions.

A Server-side request forgery (SSRF) vulnerability has been identified in the SMA1000 Appliance Work Place interface. By using an encoded URL, a remote unauthenticated attacker could potentially cause the appliance to make requests to unintended location.

Server-side request forgery (SSRF) vulnerability exists in FileMegane versions above 3.0.0.0 prior to 3.4.0.0. Executing arbitrary backend Web API requests could potentially lead to rebooting the services.

SAP NetWeaver Administrator(System Overview) allows an authenticated attacker to enumerate accessible HTTP endpoints in the internal network by specially crafting HTTP requests. On successful exploitation this can result in Server-Side Request Forgery (SSRF) which could have a low impact on integrity and confidentiality of data. It has no impact on availability of the application.

A vulnerability classified as critical was found in IPC Unigy Management System 04.03.00.08.0027. Affected by this vulnerability is an unknown functionality of the component HTTP Request Handler. The manipulation leads to server-side request forgery. The attack can be launched remotely. The exploit has been disclosed to the public and may be used. The vendor was contacted early about this disclosure but did not respond in any way.

The Skitter Slideshow plugin for WordPress is vulnerable to Server-Side Request Forgery in all versions up to, and including, 2.5.2 via the /image.php file. This makes it possible for unauthenticated attackers to make web requests to arbitrary locations originating from the web application and can be used to query and modify information from internal services.