Canto-Wordpress-Plugin
by CantoDAM
CVEs (2)
| CVE | Vendor / Product | Sev | Risk | CVSS | EPSS | KEV | Published | Description |
|---|---|---|---|---|---|---|---|---|
| CVE-2020-24063 | Hig | 0.47 | 7.2 | 0.01 | Nov 10, 2020 | The Canto plugin 1.3.0 for WordPress allows includes/lib/download.php?subdomain= SSRF. | ||
| CVE-2020-28976 | Med | 0.40 | 5.3 | 0.26 | Nov 30, 2020 | The Canto plugin 1.3.0 for WordPress contains a blind SSRF vulnerability. It allows an unauthenticated attacker can make a request to any internal and external server via /includes/lib/detail.php?subdomain=SSRF. |
- risk 0.47cvss 7.2epss 0.01
The Canto plugin 1.3.0 for WordPress allows includes/lib/download.php?subdomain= SSRF.
- risk 0.40cvss 5.3epss 0.26
The Canto plugin 1.3.0 for WordPress contains a blind SSRF vulnerability. It allows an unauthenticated attacker can make a request to any internal and external server via /includes/lib/detail.php?subdomain=SSRF.