Print My Blog <= 1.6.5 - Unauthenticated Server Side Request Forgery (SSRF)

Affects Plugin

fixed in version 1.6.6

References

CVE CVE-2019-11565
URL http://dumpco.re/bugs/wp-plugin-print-my-blog-ssrf
URL https://plugins.trac.wordpress.org/changeset?old_path=%2Fprint-my-blog%2Ftrunk&old=2075667&new_path=%2Fprint-my-blog%2Ftrunk&new=2075667
URL https://github.com/mnelson4/printmyblog/commit/8584a2839a541eb29fca64252e388c827af3ec21

Classification

Type SSRF
OWASP Top 10 A5: Security Misconfiguration
CWE CWE-918

Miscellaneous

Original Researcher Magnus K. Stubman
Submitter Ryan Dewhurst
Submitter Website https://wpscan.io
Submitter Twitter ethicalhack3r
Verified No
WPVDB ID 9263

Timeline

Publicly Published 2019-04-27
Added 2019-04-27
Last Updated 2019-04-27