PT-2025-8911 · WordPress · Onestore Sites

Francesco Carlucci · Published 2025-02-27 · Updated 2025-03-11 · CVE-2024-13905

CVSS v3.1

9.1 Critical

Vector: AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N

Name of the Vulnerable Software and Affected Versions

OneStore Sites plugin for WordPress versions prior to 0.1.2

Description

The issue allows unauthenticated attackers to make web requests to arbitrary locations originating from the web application. This can be used to query and modify information from internal services. The vulnerability is a Server-Side Request Forgery (SSRF) via the class-export.php file.

Recommendations

For versions prior to 0.1.2, update to version 0.1.2 or later to resolve the issue. As a temporary workaround, consider restricting access to the class-export.php file to minimize the risk of exploitation.

Fix

SSRF


Weakness Enumeration

Related Identifiers

CVE-2024-13905

Affected Products

Onestore Sites