PT-2025-10063 · WordPress · Platform.Ly For Woocommerce

Francesco Carlucci · Published 2025-03-07 · Updated 2025-03-08 · CVE-2024-13904

CVSS v3.1: 9.1 (Critical)

Vector: AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N

Name of the Vulnerable Software and Affected Versions

Platform.ly for WooCommerce plugin for WordPress versions prior to 1.1.7

Description

The issue allows unauthenticated attackers to make web requests to arbitrary locations originating from the web application. This can be used to query and modify information from internal services. The hooks function is involved in the exploitation of this issue.

Recommendations

For versions up to and including 1.1.6, update to version 1.1.7 or later to resolve the issue. As a temporary workaround, consider restricting access to the hooks function to minimize the risk of exploitation.

Fix

SSRF

Weakness Enumeration

Related Identifiers

CVE-2024-13904

Affected Products

Platform.Ly For Woocommerce