Plugin vulnerable to Server-Side Request Forgery
CVE-2024-1812
7.2 HIGH
Key Information:
- Vendor: WordPress
- CVE Published: 9 April 2024
What is CVE-2024-1812?
The Everest Forms plugin for WordPress is susceptible to a Server-Side Request Forgery vulnerability in all versions up to and including 2.0.7. This vulnerability arises through the 'font_url' parameter, enabling unauthorized attackers to initiate web requests to arbitrary locations originating from the affected web application. Consequently, this can lead to the querying and potential modification of sensitive information from internal services, posing significant risks to the security of the system and its data integrity.
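A destination check of the kind that closes this class of bug, shown as an added example that is neither the plugin's code nor its actual patch. The host allowlist, the `check_font_url` name and the stub resolver are assumptions, and the sample URLs are constructed.

```php
<?php
// Added example, not Everest Forms code. Allowlist and names are assumptions.
const FONT_HOSTS = ['fonts.googleapis.com', 'fonts.gstatic.com'];

// Decide whether a user-supplied font URL may be fetched server-side.
// $resolve maps a hostname to a list of IP strings (injectable for testing).
// Returns [bool $allowed, string $reason].
function check_font_url(string $url, callable $resolve): array
{
    $p = parse_url($url);
    if (!is_array($p) || !isset($p['scheme'], $p['host'])) {
        return [false, 'unparseable or relative URL'];
    }
    if (strtolower($p['scheme']) !== 'https') {
        return [false, 'scheme is not https'];
    }
    if (isset($p['user']) || isset($p['pass']) || ($p['port'] ?? 443) !== 443) {
        return [false, 'credentials or non-default port'];
    }
    $host = strtolower(rtrim($p['host'], '.'));
    if (!in_array($host, FONT_HOSTS, true)) {
        return [false, 'host not on allowlist'];
    }
    // Defence in depth: an allowlisted name must still resolve to public space.
    $ips = $resolve($host);
    if (empty($ips)) {
        return [false, 'host does not resolve'];
    }
    foreach ($ips as $ip) {
        $flags = FILTER_FLAG_NO_PRIV_RANGE | FILTER_FLAG_NO_RES_RANGE;
        if (filter_var($ip, FILTER_VALIDATE_IP, $flags) === false) {
            return [false, "resolves to non-public address $ip"];
        }
    }
    return [true, 'ok'];
}

// Constructed sample input: a stub resolver and candidate font_url values.
$dns = ['fonts.googleapis.com' => ['93.184.216.34'], 'fonts.gstatic.com' => ['10.0.0.5']];
$resolve = fn(string $h): array => $dns[$h] ?? [];
foreach ([
    'https://fonts.googleapis.com/css?family=Roboto',
    'https://fonts.gstatic.com/s/roboto.woff2', // stub maps this host to 10.0.0.5
    'http://fonts.googleapis.com/css',
    'https://10.0.0.5/font.css',
] as $candidate) {
    [$ok, $why] = check_font_url($candidate, $resolve);
    printf("%-6s %-45s %s\n", $ok ? 'ALLOW' : 'DENY', $candidate, $why);
}
```

The fetch that follows such a check should not follow redirects without re-running the check on each hop. In WordPress, `wp_safe_remote_get()` is the HTTP API call intended for user-supplied URLs.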
Affected Version(s)
Everest Forms – Build Contact Forms, Surveys, Polls, Quizzes, Newsletter & Application Forms, and Many More with Ease! * <= 2.0.7