Vulnerabilities > CVE-2023-6991 - Server-Side Request Forgery (SSRF) vulnerability in Surniaulula JSM File GET Contents() Shortcode 2.7.0

CVSS 8.8 - HIGH

Attack vector

NETWORK

Attack complexity

LOW

Privileges required

LOW

Confidentiality impact

HIGH

Integrity impact

HIGH

Availability impact

HIGH

network

low complexity

surniaulula

CWE-918

NVD

Published: 2024-01-15

Updated: 2024-11-21

Summary

The JSM file_get_contents() Shortcode WordPress plugin before 2.7.1 does not validate one of its shortcode's parameters before making a request to it, which could allow users with contributor role and above to perform SSRF attacks.

Vulnerable Configurations

Part	Description	Count
Application	Surniaulula Surniaulula JSM File GET Contents() Shortcode - Surniaulula JSM File GET Contents() Shortcode 2.7.0	2

Common Weakness Enumeration (CWE)

CWE-918 - Server-Side Request Forgery (SSRF)

References

https://wpscan.com/vulnerability/0b92becb-8a47-48fd-82e8-f7641cf5c9bc
https://wpscan.com/vulnerability/0b92becb-8a47-48fd-82e8-f7641cf5c9bc