Server-Side Request Forgery in WP Smart Import Plugin for WordPress
CVE-2020-24147

9.1CRITICAL

Key Information:

Vendor: Wordpress
Status: WP Smart Import
Vendor: CVE Published:; 7 July 2021

What is CVE-2020-24147?

The WP Smart Import plugin for WordPress is susceptible to a server-side request forgery (SSR) vulnerability through its file field feature. This flaw allows attackers to make unauthorized requests to internal services, potentially leading to data exposure or manipulation. Users of the plugin should take immediate action to mitigate risks associated with this security issue.

References

https://wordpress.org/plugins/wp-smart-import/#developers

x_refsource_MISC

https://github.com/secwx/research/blob/main/cve/CVE-2020-...

x_refsource_MISC

CVSS V3.1

Score:

9.1

Severity:

CRITICAL

Confidentiality:

High

Integrity:

None

Availability:

High

Attack Vector:

Network

Attack Complexity:

Low

Privileges Required:

None

User Interaction:

None

Scope:

Unchanged

Download the Critical Vulnerability Management Cheat Sheet

Timeline

Vulnerability published
Jul 7, 2021
Vulnerability Reserved
Aug 13, 2020

Wordpress

What is CVE-2020-24147?

References

CVSS V3.1

Timeline