CVE-2024-1568

CVSS 3.1 Score 6.4 of 10 (medium)

Details

Published Feb 28, 2024

Summary

CVE-2024-1568: A serious vulnerability affects the Seraphinite Accelerator plugin for WordPress. This issue, present in all versions up to 2.20.52, enables authenticated attackers with subscriber-level access or higher to execute Server-Side Request Forgeries (SSRF) via the OnAdminApi_HtmlCheck function. Attackers can exploit this vulnerability to make web requests from the WordPress application to arbitrary locations, potentially allowing them to access and modify confidential data from internal services.

Prevent cyber attacks with Recorded Future by prioritizing and patching critical vulnerabilities being exploited by threat actors targeting your industry. Book your demo to learn more.

https://app.recordedfuture.com/live/sc/entity/uiGQJr
https://www.cve.org/CVERecord?id=CVE-2024-1568
https://nvd.nist.gov/vuln/detail/CVE-2024-1568

Back to Vulnerability Database

CVE-2024-1568

CVSS 3.1 Score 6.4 of 10 (medium)

Details

Summary

Advisories, Assessments, and Mitigations