CVE-2023-23800
WordPress Shortcodes Ultimate Plugin <= 5.12.6 is vulnerable to Server Side Request Forgery (SSRF)
Severity Score
Exploit Likelihood
Affected Versions
Public Exploits
0Exploited in Wild
-Decision
Descriptions
Server-Side Request Forgery (SSRF) vulnerability in Vova Anokhin WP Shortcodes Plugin — Shortcodes Ultimate.This issue affects WP Shortcodes Plugin — Shortcodes Ultimate: from n/a through 5.12.6.
Vulnerabilidad de Server-Side Request Forgery (SSRF) en Vova Anokhin WP Shortcodes Plugin — Shortcodes Ultimate. Este problema afecta al complemento WP Shortcodes – Shortcodes Ultimate: desde n/a hasta 5.12.6.
The Shortcodes Ultimate plugin for WordPress is vulnerable to Server-Side Request Forgery in versions up to, and including, 5.12.6. This is due to insufficient validation on the url being supplied via the "url" attribute of the su_csv_table shortcode. This makes it possible for authenticated attackers, with subscriber-level privileges and above, to make web requests to arbitrary locations originating from the web application and can be used to query and modify information from internal services.
CVSS Scores
SSVC
- Decision:Track
Timeline
- 2023-01-18 CVE Reserved
- 2023-02-10 CVE Published
- 2024-08-28 CVE Updated
- 2024-10-13 EPSS Updated
- ---------- Exploited in Wild
- ---------- KEV Due Date
- ---------- First Exploit
CWE
- CWE-918: Server-Side Request Forgery (SSRF)
CAPEC
References (1)
URL | Date | SRC |
---|
URL | Date | SRC |
---|
URL | Date | SRC |
---|
Affected Vendors, Products, and Versions
Vendor | Product | Version | Other | Status | ||||||
---|---|---|---|---|---|---|---|---|---|---|
Vendor | Product | Version | Other | Status | <-- --> | Vendor | Product | Version | Other | Status |
Getshortcodes Search vendor "Getshortcodes" | Shortcodes Ultimate Search vendor "Getshortcodes" for product "Shortcodes Ultimate" | <= 5.12.6 Search vendor "Getshortcodes" for product "Shortcodes Ultimate" and version " <= 5.12.6" | wordpress |
Affected
|