Unauthorized Requests Vulnerability Affects Skitter Slideshow Plugin

CVE-2022-1751

7.2HIGH

Key Information

Vendor: Thiagosf
Status: Skitter Slideshow
Vendor: CVE Published:; 17 August 2024

Summary

The Skitter Slideshow plugin for WordPress is vulnerable to Server-Side Request Forgery in all versions up to, and including, 2.5.2 via the /image.php file. This makes it possible for unauthenticated attackers to make web requests to arbitrary locations originating from the web application and can be used to query and modify information from internal services.

Affected Version(s)

Skitter Slideshow <= 2.5.2

CVSS V3.1

Score:

7.2

Severity:

HIGH

Confidentiality:

Low

Integrity:

Low

Availability:

None

Attack Vector:

Network

Attack Complexity:

Low

Privileges Required:

None

User Interaction:

None

Scope:

Changed

Timeline

Vulnerability published.
Aug 17, 2024
Disclosed
Jun 7, 2022
Vulnerability Reserved.
May 16, 2022

Collectors

NVD DatabaseMitre Database

Credit

Bartu Utku SARP