Lucene search
K
Database
Vendors
Products
Years
CVSS
Scanner
Agent Scanning
API Scanning
Manual Audit
Perimeter Scanner
Scanning
Projects
Email
Webhook
Plugins
Resources
Documents
Blog
Glossary
FAQ
Pricing
Contacts
About Us
Partners
Branding Guideline
cvelistWPScanCVELIST:CVE-2023-6991
HistoryJan 15, 2024 - 3:10 p.m.

CVE-2023-6991 JSM file_get_contents() Shortcode < 2.7.1 - Contributor+ SSRF

2024-01-1515:10:41
WPScan
www.cve.org
5
cve-2023-6991
wordpress
ssrf

AI Score

8.8

Confidence

High

EPSS

0.001

Percentile

19.3%

JSON

The JSM file_get_contents() Shortcode WordPress plugin before 2.7.1 does not validate one of its shortcode’s parameters before making a request to it, which could allow users with contributor role and above to perform SSRF attacks.

CNA Affected

[
  {
    "vendor": "Unknown",
    "product": "JSM file_get_contents() Shortcode",
    "versions": [
      {
        "status": "affected",
        "versionType": "semver",
        "version": "0",
        "lessThan": "2.7.1"
      }
    ],
    "defaultStatus": "unaffected",
    "collectionURL": "https://wordpress.org/plugins"
  }
]

Related

wpexploit 1
prion 1
nvd 2
wpvulndb 1
cve 2
wordfence 1
wpexploit
wpexploit
JSM file_get_contents() Shortcode < 2.7.1 - Contributor+ SSRF
2023-12-21 00:00:00
prion
prion
Server side request forgery (ssrf)
2024-01-15 16:15:00
nvd
nvd
CVE-2023-6991
2024-01-15 16:15:12
CVE-2023-5442
2024-01-04 19:15:08
wpvulndb
wpvulndb
JSM file_get_contents() Shortcode < 2.7.1 - Contributor+ SSRF
2023-12-21 00:00:00
cve
cve
CVE-2023-6991
2024-01-15 16:15:12
CVE-2023-5442
2024-01-04 19:15:08
wordfence
wordfence
Wordfence Intelligence Weekly WordPress Vulnerability Report (December 18, 2023 to December 31, 2023)
2024-01-05 13:20:47

AI Score

8.8

Confidence

High

EPSS

0.001

Percentile

19.3%

JSON
Related for CVELIST:CVE-2023-6991
wpexploit1prion1nvd2wpvulndb1cve2wordfence1