Vulnerabilities > CVE-2023-3025 - Unspecified vulnerability in Hynotech Dropbox Folder Share 1.9.7

CVSS 7.2 - HIGH

Attack vector

NETWORK

Attack complexity

LOW

Privileges required

NONE

Confidentiality impact

LOW

Integrity impact

LOW

Availability impact

NONE

network

low complexity

hynotech

NVD

Published: 2023-09-16

Updated: 2023-11-07

Summary

The Dropbox Folder Share plugin for WordPress is vulnerable to Server-Side Request Forgery in versions up to, and including, 1.9.7 via the 'link' parameter. This can allow unauthenticated attackers to make web requests to arbitrary locations originating from the web application and can be used to query and modify information from internal services.

Vulnerable Configurations

Part	Description	Count
Application	Hynotech Hynotech Dropbox Folder Share 1.9.7	1

References

https://plugins.trac.wordpress.org/browser/dropbox-folder-share/trunk/HynoTech/DropboxFolderShare/Principal.php#L118
https://www.wordfence.com/threat-intel/vulnerabilities/id/d62bd2bd-db01-479f-89e4-8031d69a912f?source=cve