CVE-2024-32775 – WordPress Embed Google Photos album plugin <= 2.1.9 - Server Side Request Forgery (SSRF) vulnerability

https://notcve.org/view.php?id=CVE-2024-32775

Server-Side Request Forgery (SSRF) vulnerability in Pavex Embed Google Photos album.This issue affects Embed Google Photos album: from n/a through 2.1.9. Vulnerabilidad de Server-Side Request Forgery (SSRF) en Pavex Embed Google Photos album. Este problema afecta al álbum Embed Google Photos: desde n/a hasta 2.1.9. The Embed Google Photos album plugin for WordPress is vulnerable to Server-Side Request Forgery in all versions up to, and including, 2.2.0 via the Pavex_embed_google_photos_album class. This makes it possible for authenticated attackers, with contributor-level access and above, to make web requests to arbitrary locations originating from the web application and can be used to query and modify information from internal services. • https://patchstack.com/database/vulnerability/embed-google-photos-album-easily/wordpress-embed-google-photos-album-plugin-2-1-9-server-side-request-forgery-ssrf-vulnerability?_s_id=cve • CWE-918: Server-Side Request Forgery (SSRF) •