WordPress CommentLuv Plugin <= 3.0.4 is vulnerable to Server Side Request Forgery (SSRF)
CVE-2023-49159

7.2HIGH

Key Information:

Vendor: WordPress
Status: CommentLuv
Vendor: CVE Published:; 15 December 2023

Summary

A Server-Side Request Forgery (SSRF) vulnerability exists in CommentLuv by Elegant Digital Solutions, allowing attackers to send unauthorized requests from the server. This flaw affects versions of CommentLuv up to 3.0.4. Exploitation of this vulnerability can lead to information disclosure and potential unauthorized interactions with internal services. It is crucial for users of affected versions to implement immediate security measures to mitigate risks.

Affected Version(s)

CommentLuv <= 3.0.4

References

https://patchstack.com/database/vulnerability/commentluv/...

vdb-entry

CVSS V3.1

Score:

7.2

Severity:

HIGH

Confidentiality:

Low

Integrity:

Low

Availability:

Low

Attack Vector:

Network

Attack Complexity:

Low

Privileges Required:

None

User Interaction:

None

Scope:

Changed

Timeline

Vulnerability published
Dec 15, 2023
Vulnerability Reserved
Nov 22, 2023

Credit

Yuchen Ji (Patchstack Alliance)