CVE-2023-5798 – Assistant < 1.4.4 - Editor+ SSRF

https://notcve.org/view.php?id=CVE-2023-5798

27 Jul 2023 — The Assistant WordPress plugin before 1.4.4 does not validate a parameter before making a request to it via wp_remote_get(), which could allow users with a role as low as Editor to perform SSRF attacks El complemento The Assistant WordPress anterior a 1.4.4 no valida un parámetro antes de realizar una solicitud a través de wp_remote_get(), lo que podría permitir a los usuarios con un rol tan bajo como Editor realizar ataques SSRF. The Assistant plugin for WordPress is vulnerable to Server-Side Request Forge... • https://wpscan.com/vulnerability/bbb4c98c-4dd7-421e-9666-98f15acde761 • CWE-918: Server-Side Request Forgery (SSRF) •