PT-2025-10079 · WordPress · Wpget Api – Connect To Any External Rest Api

Francesco Carlucci

Published

2025-03-07

Updated

2025-03-08

CVE-2024-13857

CVSS v3.1

5.5

Medium

Vector

AV:N/AC:L/PR:H/UI:N/S:C/C:L/I:L/A:N

Name of the Vulnerable Software and Affected Versions WPGet API – Connect to any external REST API plugin for WordPress versions up to, and including, 2.2.10

Description The issue allows authenticated attackers with Administrator-level access and above to perform Server-Side Request Forgery. This enables them to make web requests to arbitrary locations from the web application, potentially querying and modifying information from internal services.

Recommendations For versions up to, and including, 2.2.10, update to a version higher than 2.2.10 to resolve the issue.

Fix

SSRF

Found an issue in the description? Have something to add? Feel free to write us 👾

dbugs@ptsecurity.com

Weakness Enumeration

CWE-918

Related Identifiers

CVE-2024-13857

Affected Products

Wpget Api – Connect To Any External Rest Api

PT-2025-10079 · WordPress · Wpget Api – Connect To Any External Rest Api

CVE-2024-13857

Weakness Enumeration

Related Identifiers

Affected Products

References · 8