Total
2231 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2023-39313 | 1 Theme-fusion | 1 Avada | 2025-02-05 | N/A | 7.7 HIGH |
| Server-Side Request Forgery (SSRF) vulnerability in ThemeFusion Avada.This issue affects Avada: from n/a through 7.11.1. | |||||
| CVE-2024-13450 | 1 Bitapps | 1 Contact Form Builder | 2025-02-04 | N/A | 3.8 LOW |
| The Contact Form by Bit Form: Multi Step Form, Calculation Contact Form, Payment Contact Form & Custom Contact Form builder plugin for WordPress is vulnerable to Server-Side Request Forgery in all versions up to, and including, 2.17.4 via the Webhooks integration. This makes it possible for authenticated attackers, with Administrator-level access and above, to make web requests to arbitrary locations originating from the web application and can be used to query and modify information from internal services. The vulnerability can also be exploited in Multisite environments. | |||||
| CVE-2024-10705 | 1 Themeisle | 1 Multiple Page Generator | 2025-02-04 | N/A | 5.4 MEDIUM |
| The Multiple Page Generator Plugin – MPG plugin for WordPress is vulnerable to Server-Side Request Forgery in all versions up to, and including, 4.0.5 via the 'mpg_download_file_by_link' function. This makes it possible for authenticated attackers, with editor-level access and above, to make web requests to arbitrary locations originating from the web application and can be used to query and modify information from internal services. | |||||
| CVE-2024-11913 | 1 Buddydev | 1 Activity Plus Reloaded For Buddypress | 2025-02-04 | N/A | 5.4 MEDIUM |
| The Activity Plus Reloaded for BuddyPress plugin for WordPress is vulnerable to Blind Server-Side Request Forgery in all versions up to, and including, 1.1.1 via the 'ajax_preview_link' function. This makes it possible for authenticated attackers, with Subscriber-level access and above, to make web requests to arbitrary locations originating from the web application and can be used to query and modify information from internal services. | |||||
| CVE-2023-26735 | 1 Prometheus | 1 Blackbox Exporter | 2025-02-04 | N/A | 7.5 HIGH |
| blackbox_exporter v0.23.0 was discovered to contain an access control issue in its probe interface. This vulnerability allows attackers to detect intranet ports and services, as well as download resources. NOTE: this is disputed by third parties because authentication can be configured. | |||||
| CVE-2024-29173 | 1 Dell | 10 Apex Protection Storage, Data Domain Operating System, Dd3300 and 7 more | 2025-02-03 | N/A | 6.8 MEDIUM |
| Dell PowerProtect DD, versions prior to 8.0, LTS 7.13.1.0, LTS 7.10.1.30, LTS 7.7.5.40 contain a Server-Side Request Forgery (SSRF) vulnerability. A remote high privileged attacker could potentially exploit this vulnerability, leading to disclosure of information on the application or remote client. | |||||
| CVE-2024-5031 | 1 Caseproof | 1 Memberpress | 2025-01-31 | N/A | 8.5 HIGH |
| The Memberpress plugin for WordPress is vulnerable to Blind Server-Side Request Forgery in all versions up to, and including, 1.11.29 via the 'mepr-user-file' shortcode. This makes it possible for authenticated attackers, with Contributor-level access and above, to make web requests to arbitrary locations originating from the web application and can be used to query and modify information from internal services. | |||||
| CVE-2024-2343 | 1 Theme-fusion | 1 Avada | 2025-01-31 | N/A | 6.4 MEDIUM |
| The Avada | Website Builder For WordPress & WooCommerce theme for WordPress is vulnerable to Server-Side Request Forgery in all versions up to, and including, 7.11.6 via the form_to_url_action function. This makes it possible for authenticated attackers, with contributor-level access and above, to make web requests to arbitrary locations originating from the web application and can be used to query and modify information from internal services. | |||||
| CVE-2023-30019 | 1 Evilmartians | 1 Imgproxy | 2025-01-29 | N/A | 5.3 MEDIUM |
| imgproxy <=3.14.0 is vulnerable to Server-Side Request Forgery (SSRF) due to a lack of sanitization of the imageURL parameter. | |||||
| CVE-2025-24354 | 2025-01-27 | N/A | 5.3 MEDIUM | ||
| imgproxy is server for resizing, processing, and converting images. Imgproxy does not block the 0.0.0.0 address, even with IMGPROXY_ALLOW_LOOPBACK_SOURCE_ADDRESSES set to false. This can expose services on the local host. This vulnerability is fixed in 3.27.2. | |||||
| CVE-2023-23169 | 1 Synapsoft | 1 Pdfocus | 2025-01-27 | N/A | 6.5 MEDIUM |
| Synapsoft pdfocus 1.17 is vulnerable to local file inclusion and server-side request forgery Directory Traversal. | |||||
| CVE-2024-13360 | 1 Aipower | 1 Aipower | 2025-01-24 | N/A | 5.4 MEDIUM |
| The AI Power: Complete AI Pack plugin for WordPress is vulnerable to Server-Side Request Forgery in all versions up to, and including, 1.8.96 via the wpaicg_troubleshoot_add_vector(). This makes it possible for authenticated attackers, with subscriber-level access and above, to make web requests to arbitrary locations originating from the web application and can be used to query and modify information from internal services. | |||||
| CVE-2024-5917 | 1 Paloaltonetworks | 1 Pan-os | 2025-01-24 | N/A | 4.9 MEDIUM |
| A server-side request forgery in PAN-OS software enables an authenticated attacker with administrative privileges to use the administrative web interface as a proxy, which enables the attacker to view internal network resources not otherwise accessible. | |||||
| CVE-2023-31848 | 1 Davinci Project | 1 Davinci | 2025-01-23 | N/A | 8.8 HIGH |
| davinci 0.3.0-rc is vulnerable to Server-side request forgery (SSRF). | |||||
| CVE-2024-42182 | 2025-01-23 | N/A | 2.5 LOW | ||
| BigFix Patch Download Plug-ins are affected by Server-Side Request Forgery (SSRF) vulnerability. It may allow the application to download files from an internally hosted server on localhost. | |||||
| CVE-2023-50733 | 2025-01-21 | N/A | 8.6 HIGH | ||
| A Server-Side Request Forgery (SSRF) vulnerability has been identified in the Web Services feature of newer Lexmark devices. | |||||
| CVE-2024-32718 | 1 Webangon | 1 The Pack Elementor Addons | 2025-01-21 | N/A | 4.9 MEDIUM |
| Server-Side Request Forgery (SSRF) vulnerability in Webangon The Pack Elementor.This issue affects The Pack Elementor addons: from n/a through 2.0.8.2. | |||||
| CVE-2024-3485 | 1 Microfocus | 1 Imanager | 2025-01-21 | N/A | 5.3 MEDIUM |
| Server Side Request Forgery vulnerability has been discovered in OpenText™ iManager 3.2.6.0200. This could lead to senstive information disclosure. | |||||
| CVE-2024-3970 | 1 Microfocus | 1 Imanager | 2025-01-21 | N/A | 5.3 MEDIUM |
| Server Side Request Forgery vulnerability has been discovered in OpenText™ iManager 3.2.6.0200. This could lead to senstive information disclosure by directory traversal. | |||||
| CVE-2024-27565 | 1 Dirk1983 | 1 Chatgpt-wechat-personal | 2025-01-21 | N/A | 9.8 CRITICAL |
| A Server-Side Request Forgery (SSRF) in weixin.php of ChatGPT-wechat-personal commit a0857f6 allows attackers to force the application to make arbitrary requests. | |||||