Server-Side Request Forgery Issue in Canto WordPress Plugin by Canto
CVE-2020-24063
7.2HIGH
What is CVE-2020-24063?
The Canto plugin version 1.3.0 for WordPress contains a vulnerability that allows attackers to exploit server-side request forgery (SSRF) through the includes/lib/download.php?subdomain= parameter. This flaw could potentially enable unauthorized requests to internal systems or external services. To mitigate risks, it is crucial for users to update their plugin to the latest version and follow best security practices.