How severe is CVE-2024-23825?

This vulnerability has a severity rating of MEDIUM with a CVSS score of 4.9 out of 10.

What type of vulnerability is CVE-2024-23825?

This is classified as CWE-918, which is a common weakness in software security.

CVE-2024-23825 - MEDIUM Severity | CVSS 4.9

Vulnerability Description

TablePress is a table plugin for Wordpress. For importing tables, TablePress makes external HTTP requests based on a URL that is provided by the user. That user input is filtered insufficiently, which makes it is possible to send requests to unintended network locations and receive responses. On sites in a cloud environment like AWS, an attacker can potentially make GET requests to the instance's metadata REST API. If the instance's configuration is insecure, this can lead to the exposure of internal data, including credentials. This vulnerability is fixed in 2.2.5.

Related Vulnerabilities

CVE-2018-1999017

MEDIUM

CVSS:4.9(Medium)

Pydio version 8.2.0 and earlier contains a Server-Side Request Forgery (SSRF) vulnerability in plugins/action.updater/UpgradeManager.php Line: 154, getUpgradePath($url) that can result in an authentic...

CWE-9182018

CVE-2019-7616

MEDIUM

CVSS:4.9(Medium)

Kibana versions before 6.8.2 and 7.2.1 contain a server side request forgery (SSRF) flaw in the graphite integration for Timelion visualizer. An attacker with administrative Kibana access could set th...

CWE-9182019

CVE-2020-14023

MEDIUM

CVSS:4.9(Medium)

Ozeki NG SMS Gateway through 4.17.6 allows SSRF via SMS WCF or RSS To SMS.

CWE-9182020

CVE-2020-5562

MEDIUM

CVSS:4.9(Medium)

Server-side request forgery (SSRF) vulnerability in Cybozu Garoon 4.6.0 to 4.6.3 allows a remote attacker with an administrative privilege to issue arbitrary HTTP requests to other web servers via V-C...

CWE-9182020

CVE-2021-25972

MEDIUM

CVSS:4.9(Medium)

In Camaleon CMS, versions 2.1.2.0 to 2.6.0, are vulnerable to Server-Side Request Forgery (SSRF) in the media upload feature, which allows admin users to fetch media files from external URLs but fails...

CWE-9182021

CVE-2021-32698

MEDIUM

CVSS:4.9(Medium)

eLabFTW is an open source electronic lab notebook for research labs. This vulnerability allows an attacker to make GET requests on behalf of the server. It is "blind" because the attacker cannot see t...

CWE-9182021