CVE-2024-1978

MEDIUM Year: 2024
CVSS v3 Score
5.5
Medium
Weakness Type
CWE-918
View all →

Vulnerability Description

The Friends plugin for WordPress is vulnerable to Server-Side Request Forgery in all versions up to, and including, 2.8.5 via the discover_available_feeds function. This makes it possible for authenticated attackers, with administrator-level access and above, to make web requests to arbitrary locations originating from the web application and can be used to query and modify information from internal services.

Related Vulnerabilities

CVE-2016-3718

MEDIUM
CVSS:5.5(Medium)

The (1) HTTP and (2) FTP coders in ImageMagick before 6.9.3-10 and 7.x before 7.0.1-1 allow remote attackers to conduct server-side request forgery (SSRF) attacks via a crafted image.

CWE-9182016

CVE-2019-20872

MEDIUM
CVSS:5.5(Medium)

An issue was discovered in Mattermost Server before 5.9.0, 5.8.1, 5.7.3, and 4.10.8. SSRF can attack local services.

CWE-9182019

CVE-2020-14327

MEDIUM
CVSS:5.5(Medium)

A Server-side request forgery (SSRF) flaw was found in Ansible Tower in versions before 3.6.5 and before 3.7.2. Functionality on the Tower server is abused by supplying a URL that could lead to the se...

CWE-9182020

CVE-2020-27018

MEDIUM
CVSS:5.5(Medium)

Trend Micro InterScan Messaging Security Virtual Appliance (IMSVA) 9.1 is vulnerable to a server side request forgery vulnerability which could allow an authenticated attacker to abuse the product's w...

CWE-9182020

CVE-2022-24871

MEDIUM
CVSS:5.5(Medium)

Shopware is an open commerce platform based on Symfony Framework and Vue. In affected versions an attacker can abuse the Admin SDK functionality on the server to read or update internal resources. Use...

CWE-9182022

CVE-2022-25876

MEDIUM
CVSS:5.5(Medium)

The package link-preview-js before 2.1.16 are vulnerable to Server-side Request Forgery (SSRF) which allows attackers to send arbitrary requests to the local network and read the response. This is due...

CWE-9182022