The Skitter Slideshow plugin for WordPress is vulnerable to Server-Side Request Forgery in all versions up to, and including, 2.5.2 via the /image.php file. This makes it possible for unauthenticated attackers to make web requests to arbitrary locations originating from the web application and can be used to query and modify information from internal services.
History

Mon, 19 Aug 2024 14:30:00 +0000

Type Values Removed Values Added
First Time appeared Thiagosf
Thiagosf skitter Slideshow
CPEs cpe:2.3:a:thiagosf:skitter_slideshow:*:*:*:*:*:*:*:*
Vendors & Products Thiagosf
Thiagosf skitter Slideshow
Metrics ssvc

{'options': {'Automatable': 'yes', 'Exploitation': 'none', 'Technical Impact': 'partial'}, 'version': '2.0.3'}


Sat, 17 Aug 2024 07:45:00 +0000

Type Values Removed Values Added
Description The Skitter Slideshow plugin for WordPress is vulnerable to Server-Side Request Forgery in all versions up to, and including, 2.5.2 via the /image.php file. This makes it possible for unauthenticated attackers to make web requests to arbitrary locations originating from the web application and can be used to query and modify information from internal services.
Title Skitter Slideshow <= 2.5.2 - Unauthenticated Server-Side Request Forgery
Weaknesses CWE-918
References
Metrics cvssV3_1

{'score': 7.2, 'vector': 'CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:L/I:L/A:N'}


cve-icon MITRE

Status: PUBLISHED

Assigner: Wordfence

Published: 2024-08-17T07:34:18.138Z

Updated: 2024-08-19T13:50:55.581Z

Reserved: 2022-05-16T22:40:25.070Z

Link: CVE-2022-1751

cve-icon Vulnrichment

Updated: 2024-08-19T13:50:51.744Z

cve-icon NVD

Status : Awaiting Analysis

Published: 2024-08-17T08:15:04.550

Modified: 2024-08-19T13:00:23.117

Link: CVE-2022-1751

cve-icon Redhat

No data.