CVEDB API

Vulnerabilities

By Date
Known Exploited
Advanced Search

Vulnerable Software

Vendors
Products

Vulnerability Details CVE-2023-6991

The JSM file_get_contents() Shortcode WordPress plugin before 2.7.1 does not validate one of its shortcode's parameters before making a request to it, which could allow users with contributor role and above to perform SSRF attacks.

Exploit prediction scoring system (EPSS) score

EPSS Score 0.002

EPSS Ranking 45.7%

CVSS Severity

CVSS v3 Score 8.8

References

https://wpscan.com/vulnerability/0b92becb-8a47-48fd-82e8-f7641cf5c9bc
https://wpscan.com/vulnerability/0b92becb-8a47-48fd-82e8-f7641cf5c9bc

Products affected by CVE-2023-6991

Surniaulula » Jsm File Get Contents() Shortcode » Version: N/A

cpe:2.3:a:surniaulula:jsm_file_get_contents()_shortcode:-
Surniaulula » Jsm File Get Contents() Shortcode » Version: 2.7.0

cpe:2.3:a:surniaulula:jsm_file_get_contents()_shortcode:2.7.0

Vulnerabilities

Vulnerable Software

Vulnerability Details CVE-2023-6991

Products

Pricing

Contact Us