ThreatPress

WordPress Vulnerability Database

WordPress Canto plugin <= 1.7.0 - Unauthenticated Blind Server-Side Request Forgery (SSRF) vulnerability

Product
Canto
Description
An unauthenticated blind Server-Side Request Forgery (SSRF) vulnerability was found by Pankaj Verma (p4nk4jv) in the WordPress Canto plugin (versions <= 1.7.0).
Solution
2020-12-01 - we were unable to find a patched version of this plugin.
Classification
Type: Server-Side Request Forgery (SSRF)
OWASP Top 10: A1: Injection
References
Vulnerability details
Plugin changelog
CVE
Name: CVE-2020-28976, CVE-2020-28977, CVE-2020-28978
Versions
Affected In: <= 1.7.0
Fixed In: 1.7.1
Disclosure date
2020-12-01
Credits
Pankaj Verma (p4nk4jv)