The Skitter Slideshow plugin for WordPress is vulnerable to Server-Side Request Forgery in all versions up to, and including, 2.5.2 via the /image.php file. This makes it possible for unauthenticated attackers to make web requests to arbitrary locations originating from the web application and can be used to query and modify information from internal services.
Metrics
Affected Vendors & Products
References
History
Mon, 19 Aug 2024 14:30:00 +0000
Type | Values Removed | Values Added |
---|---|---|
First Time appeared |
Thiagosf
Thiagosf skitter Slideshow |
|
CPEs | cpe:2.3:a:thiagosf:skitter_slideshow:*:*:*:*:*:*:*:* | |
Vendors & Products |
Thiagosf
Thiagosf skitter Slideshow |
|
Metrics |
ssvc
|
Sat, 17 Aug 2024 07:45:00 +0000
Type | Values Removed | Values Added |
---|---|---|
Description | The Skitter Slideshow plugin for WordPress is vulnerable to Server-Side Request Forgery in all versions up to, and including, 2.5.2 via the /image.php file. This makes it possible for unauthenticated attackers to make web requests to arbitrary locations originating from the web application and can be used to query and modify information from internal services. | |
Title | Skitter Slideshow <= 2.5.2 - Unauthenticated Server-Side Request Forgery | |
Weaknesses | CWE-918 | |
References |
| |
Metrics |
cvssV3_1
|
MITRE
Status: PUBLISHED
Assigner: Wordfence
Published: 2024-08-17T07:34:18.138Z
Updated: 2024-08-19T13:50:55.581Z
Reserved: 2022-05-16T22:40:25.070Z
Link: CVE-2022-1751
Vulnrichment
Updated: 2024-08-19T13:50:51.744Z
NVD
Status : Awaiting Analysis
Published: 2024-08-17T08:15:04.550
Modified: 2024-08-19T13:00:23.117
Link: CVE-2022-1751
Redhat
No data.