ThreatPress

WordPress Vulnerabilities Database

Back

WordPress JSmol2WP plugin <= 1.07 - Unauthenticated Server Side Request Forgery (SSRF) vulnerability

Product
JSmol2WP
Description
Unauthenticated Server Side Request Forgery (SSRF) vulnerability found in WordPress JSmol2WP plugin (versions <= 1.07).
Solution
08.01.2019 - we were unable to find a patched version of this plugin. According to WordPess.org plugin repository, this plugin was closed on January 7, 2019 and is no longer available for download.
Classification
Type Server Side Request Forgery (SSRF)
OWASP Top 10 A5: Security Misconfiguration
References
Vulnerability description
Plugin changelog
CVE
Name CVE-CVE-2018-20463
Versions
Affected In <= 1.07
Disclosure date
2019-01-08
Submitter
ThreatPress