SSRF Attacks in Multisite Configurations

CVE-2023-7253

Currently unrated 🤨

Key Information

Vendor: WordPress
Status: Import WP
Vendor: CVE Published:; 24 April 2024

Summary

The Import WP WordPress plugin before 2.13.1 does not prevent users with the administrator role from pinging conducting SSRF attacks, which may be a problem in multisite configurations.

Affected Version(s)

Import WP < 2.13.1

Timeline

Vulnerability published.
Apr 24, 2024
Vulnerability Reserved.
Mar 28, 2024

Collectors

NVD DatabaseMitre Database

Credit

Mr Empy

WPScan