CVE-2024-4260 Vulnerability Details
CVE-2024-4260 Metadata Quick Info
CVE Published: 23/07/2024
CVE Updated: 01/08/2024
CVE Year: 2024
Source: WPScan
Vendor: Unknown
Product: Page Builder Gutenberg Blocks
Status: PUBLISHED
CVE-2024-4260 Description
The Page Builder Gutenberg Blocks WordPress plugin before 3.1.12 does not prevent users from pinging arbitrary hosts via some of its shortcodes, which could allow high privilege users such as contributors to perform SSRF attacks.
Metrics
CVSS Version: 3.1
Base Score: n/a
Vector: n/a
Exploitability Metrics:
Attack Vector (AV)*
Attack Complexity (AC)*
Privileges Required (PR)*
User Interaction (UI)*
Scope (S)*
Impact Metrics:
Confidentiality Impact (C)*
Integrity Impact (I)*
Availability Impact (A)*
Weakness Enumeration (CWE)
CWE-ID:
CWE Name: CWE-918 Server-Side Request Forgery (SSRF)
Source: Unknown
Common Attack Pattern Enumeration and Classification (CAPEC)
CAPEC-ID:
CAPEC Description:
Source: NVD (National Vulnerability Database).