PT-2019-14878 · WordPress · Visualizer

Publicado

2019-09-30

·

Atualizado

2019-10-04

·

CVE-2019-16932

CVSS v3.1

10

Crítica

VetorAV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:N
Name of the Vulnerable Software and Affected Versions Visualizer plugin versions prior to 3.3.1 for WordPress
Description A blind SSRF issue exists in the Visualizer plugin for WordPress. The issue can be exploited via the "wp-json/visualizer/v1/upload-data" API endpoint.
Recommendations For versions prior to 3.3.1, update to version 3.3.1 or later to resolve the issue. As a temporary workaround, consider restricting access to the "wp-json/visualizer/v1/upload-data" API endpoint until a patch is applied.

Exploit

Correção

SSRF

Encontrou algum problema na descrição? Tem algo a acrescentar? Fique à vontade para nos escrever 👾
dbugs@ptsecurity.com

Enumeração de Fraquezas

CWE-918

Identificadores relacionados

CVE-2019-16932

Produtos afetados

Visualizer