CVE-2024-0216 MEDIUM

CVE-2024-0216: Google Doc Embedder <= 2.6.4 - Authenticated (Contributor+) Blind Server Side Request Forgery

Vendor Levertechadmin
Product Google Doc Embedder
Weakness CWE-918 · SSRF
Published April 30, 2024
Last update April 8, 2026

CVSS base score

6.4/10
Attack vector Network
Attack complexity Low
Privileges required Low
User interaction None
Confidentiality Low
Integrity Low

CVSS vector

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:L/I:L/A:N

What the vulnerability does

01Description

The Google Doc Embedder plugin for WordPress is vulnerable to Server Side Request Forgery via the 'gview' shortcode in versions up to, and including, 2.6.4. This can allow authenticated attackers with contributor-level permissions or above to make web requests to arbitrary locations originating from the web application and can be used to query and modify information from internal services.

Key dates

02Disclosure timeline

April 30, 2024 CVE published
April 8, 2026 Record updated