Vulnerabilities > CVE-2020-24149 - Server-Side Request Forgery (SSRF) vulnerability in Secondline Podcast Importer Secondline 1.1.4

CVSS 5.0 - MEDIUM

Attack vector

NETWORK

Attack complexity

LOW

Privileges required

NONE

Confidentiality impact

NONE

Integrity impact

NONE

Availability impact

PARTIAL

network

low complexity

secondline

CWE-918

NVD

Published: 2021-07-07

Updated: 2021-07-13

Summary

Server-side request forgery (SSRF) in the Podcast Importer SecondLine (podcast-importer-secondline) plugin 1.1.4 for WordPress via the podcast_feed parameter in a secondline_import_initialize action to the secondlinepodcastimport page.

Vulnerable Configurations

Part	Description	Count
Application	Secondline Secondline Podcast Importer Secondline 1.1.4	1

Common Weakness Enumeration (CWE)

CWE-918 - Server-Side Request Forgery (SSRF)

References

https://wordpress.org/plugins/podcast-importer-secondline/#developers
https://github.com/secwx/research/blob/main/cve/CVE-2020-24149.md