Hakooraevil

**Name of the Vulnerable Software and Affected Versions** Canto plugin version 1.3.0 for WordPress **Description** The issue allows for Server-Side Request Forgery (SSRF) via the "includes/lib/download.php" endpoint with the `subdomain` parameter. **Recommendations** For Canto plugin version 1.3.0, consider restricting access to the "includes/lib/download.php" endpoint to minimize the risk of SSRF exploitation. Avoid using the `subdomain` parameter in this endpoint until the issue is resolved.