WordPress Canto plugin <= 1.7.0 - Unauthenticated Blind Server-Side Request Forgery (SSRF) vulnerability
- Product: Canto
- Description: Unauthenticated Blind Server-Side Request Forgery (SSRF) vulnerability found by Pankaj Verma (p4nk4jv) in WordPress Canto plugin (versions <= 1.7.0).
- Solution: 2020-12-01 - we were unable to find a patched version of this plugin.
- Classification:
  - Type: Server Side Request Forgery (SSRF)
  - OWASP Top 10: A1: Injection
- References:
  - Vulnerability details
  - Plugin changelog
- CVE:
  - Name: CVE-2020-28976, 2020-28977, 2020-28978
- Versions:
  - Affected In: <= 1.7.0
  - Fixed In: 1.7.1
- Disclosure date: 2020-12-01
- Credits: Pankaj Verma (p4nk4jv)