PT-2023-32335 · WordPress · The Assistant Wordpress Plugin

Ji Yuchen · Published 2023-10-26 · Updated 2023-11-03 · CVE-2023-5798

CVSS v3.1: 8.8 (High)
Vector: AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
Name of the Vulnerable Software and Affected Versions: The Assistant WordPress plugin, versions prior to 1.4.4

Description: The plugin does not validate a user-supplied parameter before passing it to wp_remote_get(), so a user with a role as low as Editor can make the server issue HTTP requests to destinations of their choosing (Server-Side Request Forgery, SSRF). In an SSRF attack the server is tricked into making requests to internal or external resources on the attacker's behalf, potentially leading to unauthorized access or data exposure.

Recommendations: For versions prior to 1.4.4, update to version 1.4.4 or later to resolve the issue. As a temporary workaround, restrict which user roles have access to the plugin's functionality to minimize the risk of exploitation.
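To illustrate the pattern the advisory describes and the kind of fix it recommends, here is an added example that is not the plugin's own code: a hypothetical WordPress AJAX handler that fetches a user-supplied URL, first in the unsafe shape (raw parameter straight into wp_remote_get()) and then hardened. The action name, nonce name, parameter name and allowed host are assumptions.

```php
<?php
// Added example, not the plugin's own code. A hypothetical AJAX handler that fetches a
// user-supplied URL: first the unsafe shape the advisory describes, then a hardened one.
// Assumed names: action "assistant_fetch", nonce "assistant_fetch", parameter "url",
// allowed host "api.example.com".

// Unsafe: only an Editor-level capability check, then the raw URL goes to wp_remote_get().
// Any Editor can make the server request loopback or private-network addresses.
function assistant_fetch_unsafe() {
    if ( ! current_user_can( 'edit_others_posts' ) ) {
        wp_send_json_error( 'not allowed', 403 );
    }
    $url      = isset( $_POST['url'] ) ? wp_unslash( $_POST['url'] ) : '';
    $response = wp_remote_get( $url ); // no validation of scheme, host or port
    wp_send_json_success( wp_remote_retrieve_body( $response ) );
}

// Hardened: capability, nonce, URL validation, host allow-list, safe transport.
function assistant_fetch_safe() {
    if ( ! current_user_can( 'manage_options' ) ) {            // administrators only
        wp_send_json_error( 'insufficient privileges', 403 );
    }
    check_ajax_referer( 'assistant_fetch', 'nonce' );           // blocks cross-site forgery

    $url = isset( $_POST['url'] ) ? esc_url_raw( wp_unslash( $_POST['url'] ) ) : '';

    // wp_http_validate_url() rejects non-http(s) schemes, embedded credentials,
    // non-standard ports, and hosts that resolve to loopback/private/link-local ranges.
    if ( '' === $url || false === wp_http_validate_url( $url ) ) {
        wp_send_json_error( 'invalid url', 400 );
    }

    // Allow-list of hosts the feature legitimately talks to (filterable by site owners).
    $allowed_hosts = apply_filters( 'assistant_fetch_allowed_hosts', array( 'api.example.com' ) );
    $host          = strtolower( (string) wp_parse_url( $url, PHP_URL_HOST ) );
    if ( ! in_array( $host, $allowed_hosts, true ) ) {
        wp_send_json_error( 'host not allowed', 400 );
    }

    // wp_safe_remote_get() sets reject_unsafe_urls, re-checking the URL and any redirect
    // target; redirection is disabled here so a 3xx cannot pivot to another host.
    $response = wp_safe_remote_get( $url, array( 'timeout' => 5, 'redirection' => 0 ) );
    if ( is_wp_error( $response ) ) {
        wp_send_json_error( $response->get_error_message(), 502 );
    }
    wp_send_json_success( wp_remote_retrieve_body( $response ) );
}
add_action( 'wp_ajax_assistant_fetch', 'assistant_fetch_safe' );
```

Only the hardened handler is registered with add_action(); the unsafe one is shown for contrast and should not be wired to any hook.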

Exploit

Fix

Related Identifiers

CVE-2023-5798

Affected Products

The Assistant Wordpress Plugin