What the vulnerability does
01Description
Server-Side Request Forgery (SSRF) vulnerability in Kerfred FG Drupal to WordPress fg-drupal-to-wp allows Server Side Request Forgery.This issue affects FG Drupal to WordPress: from n/a through <= 3.90.0.
CVSS base score
CVSS vector
CVSS:3.1/AV:N/AC:H/PR:H/UI:N/S:C/C:L/I:L/A:N
What the vulnerability does
Server-Side Request Forgery (SSRF) vulnerability in Kerfred FG Drupal to WordPress fg-drupal-to-wp allows Server Side Request Forgery.This issue affects FG Drupal to WordPress: from n/a through <= 3.90.0.
Explanation of Vulnerability in Simple Terms
The FG Drupal to WordPress plugin for WordPress contains a server-side request forgery (SSRF) vulnerability. An authenticated administrator can craft requests that cause the plugin to make HTTP calls to internal or external systems on their behalf. The vulnerability requires high privileges and complex attack conditions, limiting its practical impact. Update to a version newer than 3.90.0.
What an attacker can do
Make the site send HTTP requests to internal or external systems on the attacker's behalf.
Potential impact on your site
An admin account could be compromised or misused to probe internal networks or interact with external services.
Conditions required to exploit
Attacker must have WordPress administrator privileges and craft a specific request to trigger the vulnerability.
Key dates
External resources
Related vulnerabilities