6.0.0

CVSS 9.8 - CRITICAL

Attack vector

NETWORK

Attack complexity

LOW

Privileges required

NONE

Confidentiality impact

HIGH

Integrity impact

HIGH

Availability impact

HIGH

network

low complexity

bontheme

CWE-918

critical

NVD

Published: 2023-11-03

Updated: 2023-11-09

Summary

Bon Presta boninstagramcarousel between v5.2.1 to v7.0.0 was discovered to contain a Server-Side Request Forgery (SSRF) via the url parameter at insta_parser.php. This vulnerability allows attackers to use the vulnerable website as proxy to attack other websites or exfiltrate data via a HTTP call.

Vulnerable Configurations

Part	Description	Count
Application	Bontheme Bontheme Socialfeed Photos & Video Using Instagram API 5.2.1 Bontheme Socialfeed Photos & Video Using Instagram API 5.2.3 Bontheme Socialfeed Photos & Video Using Instagram API 6.0.0	3

Common Weakness Enumeration (CWE)

CWE-918 - Server-Side Request Forgery (SSRF)

References

https://security.friendsofpresta.org/modules/2023/11/02/boninstagramcarousel.html