CVE-2024-2090

NVD Published Date: August 01, 2024 at 05:15 AM
NVD Last Modified: August 01, 2024 at 12:42 PM
Download Patch
Vulnerability ID
CVE-2024-2090
Severity
MEDIUM
Severity Score
6.4
Summary
The Remote Content Shortcode plugin for WordPress is vulnerable to Server-Side Request Forgery in all versions up to, and including, 1.5 via the remote_content shortcode. This makes it possible for authenticated attackers, with contributor-level access and above, to make web requests to arbitrary locations originating from the web application and can be used to query and modify information from internal services.
Mitigation and Patches
-
Exploits
-
Metasploit Payload
-
Vector
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:L/I:L/A:N
CWE ID
None

Recent Publish

CVE-2024-7343

CVE-2024-6496

CVE-2024-6346

CVE-2024-7357

CVE-2024-2455

2024-07 Mise à jour cumulative pour .NET Framework 3.5 pour et 4.8 pour Windows 10 Version 22H2 pour les systèmes ARM64 (KB5041019)

See SecOps Solution
in action

Schedule Demo