CVE-2023-6805

MEDIUM Year: 2023
CVSS v3 Score
6.4
Medium
Weakness Type
CWE-918
View all →

Vulnerability Description

The RSS Aggregator by Feedzy – Feed to Post, Autoblogging, News & YouTube Video Feeds Aggregator plugin for WordPress is vulnerable to Blind Server-Side Request Forgery in all versions up to, and including, 4.4.7 via the fetch_feed functionality. This makes it possible for authenticated attackers, with contributor access and above, to make web requests to arbitrary locations originating from the web application and can be used to modify information from internal services. NOTE: This vulnerability, exploitable by contributor-level users, was was fixed in version 4.4.7. The same vulnerability was fixed for author-level users in version 4.4.8.

Related Vulnerabilities

CVE-2018-1000182

MEDIUM
CVSS:6.4(Medium)

A server-side request forgery vulnerability exists in Jenkins Git Plugin 3.9.0 and older in AssemblaWeb.java, GitBlitRepositoryBrowser.java, Gitiles.java, TFS2013GitRepositoryBrowser.java, ViewGitWeb....

CWE-9182018

CVE-2021-23927

MEDIUM
CVSS:6.4(Medium)

OX App Suite through 7.10.4 allows SSRF via a URL with an @ character in an appsuite/api/oauth/proxy PUT request.

CWE-9182021

CVE-2021-31779

MEDIUM
CVSS:6.4(Medium)

The yoast_seo (aka Yoast SEO) extension before 7.2.1 for TYPO3 allows SSRF via a backend user account.

CWE-9182021

CVE-2021-40109

MEDIUM
CVSS:6.4(Medium)

A SSRF issue was discovered in Concrete CMS through 8.5.5. Users can access forbidden files on their local network. A user with permissions to upload files from external sites can upload a URL that re...

CWE-9182021

CVE-2023-4651

MEDIUM
CVSS:6.4(Medium)

Server-Side Request Forgery (SSRF) in GitHub repository instantsoft/icms2 prior to 2.16.1.

CWE-9182023

CVE-2023-6964

MEDIUM
CVSS:6.4(Medium)

The Gutenberg Blocks by Kadence Blocks – Page Builder Features plugin for WordPress is vulnerable to Server-Side Request Forgery in all versions up to, and including, 3.1.26 via the 'kadence_import_ge...

CWE-9182023