Lucene search
HistoryJan 15, 2024 - 4:15 p.m.
CVE-2023-6991
jsm
file_get_contents()
shortcode
wordpress
plugin
ssrf
cve-2023-6991
CVSS3
8.8
Attack Vector
NETWORK
Attack Complexity
LOW
Privileges Required
LOW
User Interaction
NONE
Scope
UNCHANGED
Confidentiality Impact
HIGH
Integrity Impact
HIGH
Availability Impact
HIGH
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
AI Score
8.6
Confidence
High
EPSS
0.001
Percentile
19.3%
The JSM file_get_contents() Shortcode WordPress plugin before 2.7.1 does not validate one of its shortcode’s parameters before making a request to it, which could allow users with contributor role and above to perform SSRF attacks.
Affected configurations
Node
surniaululajsm_file_get_contents\(\)_shortcodeRange<2.7.1wordpress
| Vendor | Product | Version | CPE |
|---|---|---|---|
| surniaulula | jsm_file_get_contents\(\)_shortcode | * | cpe:2.3:a:surniaulula:jsm_file_get_contents\(\)_shortcode:*:*:*:*:*:wordpress:*:* |
Related
wpexploit
wpexploit
JSM file_get_contents() Shortcode < 2.7.1 - Contributor+ SSRF
2023-12-21 00:00:00
prion
prion
Server side request forgery (ssrf)
2024-01-15 16:15:00
wpvulndb
wpvulndb
JSM file_get_contents() Shortcode < 2.7.1 - Contributor+ SSRF
2023-12-21 00:00:00
cvelist
cvelist
CVE-2023-6991 JSM file_get_contents() Shortcode < 2.7.1 - Contributor+ SSRF
2024-01-15 15:10:41
cve
cve
CVE-2023-6991
2024-01-15 16:15:12
CVE-2023-5442
2024-01-04 19:15:08
nvd
nvd
CVE-2023-5442
2024-01-04 19:15:08
wordfence
wordfence
CVSS3
8.8
Attack Vector
NETWORK
Attack Complexity
LOW
Privileges Required
LOW
User Interaction
NONE
Scope
UNCHANGED
Confidentiality Impact
HIGH
Integrity Impact
HIGH
Availability Impact
HIGH
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
AI Score
8.6
Confidence
High
EPSS
0.001
Percentile
19.3%
Related for NVD:CVE-2023-6991