PT-2024-15164 · WordPress · Jsm File Get Contents() Shortcode

Dmitry Ignatyev · Published 2024-01-15 · Updated 2024-01-22 · CVE-2023-6991

CVSS v3.1: 8.8 (High)
Vector: AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
Name of the Vulnerable Software and Affected Versions: JSM file get contents() Shortcode WordPress plugin, versions prior to 2.7.1
Description: The issue concerns a lack of validation for one of the shortcode's parameters in the JSM file get contents() Shortcode WordPress plugin. This allows users with the Contributor role or higher to perform Server-Side Request Forgery (SSRF) attacks. In an SSRF attack the server is tricked into making requests to locations it was not meant to reach, potentially leading to unauthorized access or data exposure.
Recommendations: For versions prior to 2.7.1, update to version 2.7.1 or later to resolve the issue. As a temporary workaround, consider restricting the use of the vulnerable shortcode to minimize the risk of exploitation.
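The defect class the advisory describes is a shortcode attribute that reaches a URL-fetching call without validation. The following is an added example written for this page, not the plugin's own code: a hypothetical shortcode handler (function and attribute names are assumptions) in its weak form, beside a hardened form that allowlists the scheme and host, refuses private and reserved address ranges, and disables redirects before fetching. It uses only standard WordPress and PHP functions.

```php
<?php
// Added example (not the plugin's code). The shortcode name, the 'src'
// attribute and the allowed-host list are assumptions for illustration.

// Weak form: the attribute is passed straight to a fetch call with no
// validation, which is the class of defect the advisory describes.
function weak_fetch_shortcode( $atts ) {
    $atts = shortcode_atts( array( 'src' => '' ), $atts );
    return file_get_contents( $atts['src'] );
}

// Returns the original URL string if it passes every check, else false.
function validate_fetch_url( $raw, array $allowed_hosts ) {
    $parts = wp_parse_url( $raw );
    if ( ! is_array( $parts ) || empty( $parts['scheme'] ) || empty( $parts['host'] ) ) {
        return false; // relative paths, bare hosts and unparsable input are rejected
    }
    // Only http/https; rejects file://, php://, gopher:// and similar wrappers.
    if ( ! in_array( strtolower( $parts['scheme'] ), array( 'http', 'https' ), true ) ) {
        return false;
    }
    // Host must be on the explicit allowlist (assumed to be configured by the site owner).
    $host = strtolower( $parts['host'] );
    if ( ! in_array( $host, $allowed_hosts, true ) ) {
        return false;
    }
    // Resolve and refuse loopback, private and reserved ranges. If resolution
    // fails, gethostbyname() returns the name unchanged and the IP check fails.
    $ip = gethostbyname( $host );
    $flags = FILTER_FLAG_NO_PRIV_RANGE | FILTER_FLAG_NO_RES_RANGE;
    if ( false === filter_var( $ip, FILTER_VALIDATE_IP, $flags ) ) {
        return false;
    }
    return $raw;
}

// Hardened form: validate first, then fetch through the WordPress HTTP API with
// redirects disabled so a permitted host cannot bounce the request elsewhere.
function hardened_fetch_shortcode( $atts ) {
    $atts = shortcode_atts( array( 'src' => '' ), $atts );
    $url  = validate_fetch_url( $atts['src'], array( 'example.com' ) ); // allowlist is an assumption
    if ( false === $url ) {
        return ''; // drop silently rather than fetch an unexpected target
    }
    $response = wp_remote_get( $url, array( 'redirection' => 0, 'timeout' => 5 ) );
    if ( is_wp_error( $response ) ) {
        return '';
    }
    return esc_html( wp_remote_retrieve_body( $response ) );
}

add_shortcode( 'hardened_fetch', 'hardened_fetch_shortcode' );
```

Two design points matter here. First, the host allowlist does the real work; the address-range check is a second layer, and because the name is resolved once here and again by the HTTP client, a DNS answer that changes between the two lookups can still slip past it, so the allowlist should contain only hosts the site operator controls. Second, disabling redirects closes the path where a permitted host answers with a redirect to an internal address.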

Exploit

Fix

SSRF

Weakness Enumeration

Related Identifiers: CVE-2023-6991

Affected Products: Jsm File Get Contents() Shortcode