CVE-2022-1386

Name of the Vulnerable Software and Affected Versions Fusion Builder WordPress plugin versions prior to 3.6.2

Description The issue concerns a lack of validation for a parameter in the plugin's forms, allowing for arbitrary HTTP requests. The returned data is reflected back in the application's response, potentially enabling interaction with hosts on the server's local network and bypassing firewalls and access control measures.

Recommendations For Fusion Builder WordPress plugin versions prior to 3.6.2, update to version 3.6.2 or later to resolve the issue. As a temporary workaround, consider restricting access to the plugin's forms to minimize the risk of exploitation.