PT-2025-10079 · WordPress · Wpget Api – Connect To Any External Rest Api

Francesco Carlucci

Publicado

2025-03-07

Atualizado

2025-03-08

CVE-2024-13857

CVSS v3.1

5.5

Média

Vetor

AV:N/AC:L/PR:H/UI:N/S:C/C:L/I:L/A:N

Name of the Vulnerable Software and Affected Versions WPGet API – Connect to any external REST API plugin for WordPress versions up to, and including, 2.2.10

Description The issue allows authenticated attackers with Administrator-level access and above to perform Server-Side Request Forgery. This enables them to make web requests to arbitrary locations from the web application, potentially querying and modifying information from internal services.

Recommendations For versions up to, and including, 2.2.10, update to a version higher than 2.2.10 to resolve the issue.

Correção

SSRF

Encontrou algum problema na descrição? Tem algo a acrescentar? Fique à vontade para nos escrever 👾

dbugs@ptsecurity.com

Enumeração de Fraquezas

CWE-918

Identificadores relacionados

CVE-2024-13857

Produtos afetados

Wpget Api – Connect To Any External Rest Api

PT-2025-10079 · WordPress · Wpget Api – Connect To Any External Rest Api

CVE-2024-13857

Enumeração de Fraquezas

Identificadores relacionados

Produtos afetados

Referências · 8