1 results (0.001 seconds)

CVSS: 6.4EPSS: 0%CPEs: 1EXPL: 0

Server-Side Request Forgery (SSRF) vulnerability in Pavex Embed Google Photos album.This issue affects Embed Google Photos album: from n/a through 2.1.9. Vulnerabilidad de Server-Side Request Forgery (SSRF) en Pavex Embed Google Photos album. Este problema afecta al álbum Embed Google Photos: desde n/a hasta 2.1.9. The Embed Google Photos album plugin for WordPress is vulnerable to Server-Side Request Forgery in all versions up to, and including, 2.2.0 via the Pavex_embed_google_photos_album class. This makes it possible for authenticated attackers, with contributor-level access and above, to make web requests to arbitrary locations originating from the web application and can be used to query and modify information from internal services. • https://patchstack.com/database/vulnerability/embed-google-photos-album-easily/wordpress-embed-google-photos-album-plugin-2-1-9-server-side-request-forgery-ssrf-vulnerability?_s_id=cve • CWE-918: Server-Side Request Forgery (SSRF) •