PT-2024-16571 · WordPress · Code Embed
B0Lli +1 · Published 2024-11-08 · Updated 2024-11-13
CVE-2024-10814
CVSS v3.1: 6.4 (Medium)
Vector: AV:N/AC:L/PR:L/UI:N/S:C/C:L/I:L/A:N
Name of the Vulnerable Software and Affected Versions
Code Embed plugin for WordPress versions up to 2.5
Description
The Code Embed plugin for WordPress is vulnerable to Server-Side Request Forgery via the ce_get_file() function. This makes it possible for authenticated attackers, with contributor-level access and above, to make web requests to arbitrary locations originating from the web application and can be used to query and modify information from internal services.
Recommendations
For Code Embed plugin for WordPress versions up to 2.5, update to the latest version to mitigate the risk of Server-Side Request Forgery. As a temporary workaround, consider restricting access to the ce_get_file() function until a patch is available.
Fix
SSRF
Affected Products
Code Embed