Vulnerabilities > Canto
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2024-06-14 | CVE-2024-4936 | Unspecified vulnerability in Canto The Canto plugin for WordPress is vulnerable to Remote File Inclusion in all versions up to, and including, 3.0.8 via the abspath parameter. | 9.8 |
| 2023-08-12 | CVE-2023-3452 | Unspecified vulnerability in Canto 1.3.0 The Canto plugin for WordPress is vulnerable to Remote File Inclusion in versions up to, and including, 3.0.4 via the 'wp_abspath' parameter. | 9.8 |
| 2020-11-30 | CVE-2020-28978 | Server-Side Request Forgery (SSRF) vulnerability in Canto 1.3.0 The Canto plugin 1.3.0 for WordPress contains blind SSRF vulnerability. | 5.0 |
| 2020-11-30 | CVE-2020-28977 | Server-Side Request Forgery (SSRF) vulnerability in Canto 1.3.0 The Canto plugin 1.3.0 for WordPress contains blind SSRF vulnerability. | 5.0 |
| 2020-11-30 | CVE-2020-28976 | Server-Side Request Forgery (SSRF) vulnerability in Canto 1.3.0 The Canto plugin 1.3.0 for WordPress contains a blind SSRF vulnerability. | 5.0 |
| 2020-11-10 | CVE-2020-24063 | Server-Side Request Forgery (SSRF) vulnerability in Canto 1.3.0 The Canto plugin 1.3.0 for WordPress allows includes/lib/download.php?subdomain= SSRF. | 5.0 |
| 2014-12-03 | CVE-2013-7416 | Command Injection vulnerability in Canto Curses 0.8.4/0.9.0 canto_curses/guibase.py in Canto Curses before 0.9.0 allows remote feed servers to execute arbitrary commands via shell metacharacters in a URL in a feed. | 7.5 |