CVE-2023-3958

Summary

CVE-2023-3958 is a Server Side Request Forgery (SSRF) vulnerability affecting the WP Remote Users Sync plugin for WordPress. This issue, present in versions up to and including 1.2.12, allows authenticated attackers with subscriber-level permissions or above to initiate web requests from the vulnerable application to arbitrary locations. This can potentially lead to information leakage or modification of data from internal services. While version 1.2.12 introduced a partial patch, the vulnerability was fully mitigated in version 1.2.13.

Prevent cyber attacks with Recorded Future by prioritizing and patching critical vulnerabilities being exploited by threat actors targeting your industry. Book your demo to learn more.