Server-Side Request Forgery (SSRF) Vulnerability Affects Spectra
CVE-2023-36679

6.5MEDIUM

Key Information:

Vendor: WordPress
Status: Spectra
Vendor: CVE Published:; 28 March 2024

What is CVE-2023-36679?

A Server-Side Request Forgery (SSRF) vulnerability has been identified in the Brainstorm Force Spectra plugin, which can allow unauthorized users to send specially crafted requests from the server. This flaw can potentially lead to the exposure of sensitive internal resources, posing serious threats to the overall security posture of the affected systems. It is crucial for users to apply the necessary updates and patches to mitigate the risks associated with this vulnerability.

Affected Version(s)

Spectra <= 2.6.6

References

https://patchstack.com/database/vulnerability/ultimate-ad...

vdb-entry

CVSS V3.1

Score:

6.5

Severity:

MEDIUM

Confidentiality:

High

Integrity:

None

Availability:

High

Attack Vector:

Network

Attack Complexity:

Low

Privileges Required:

Low

User Interaction:

None

Scope:

Unchanged

Download the Critical Vulnerability Management Cheat Sheet

Timeline

Vulnerability published
Mar 28, 2024
Vulnerability Reserved
Jun 26, 2023

Credit

Rafie Muhammad (Patchstack)