Cloud Vulnerability DB
A community-led vulnerabilities database
Vulnerability DatabaseCVE-2024-13924
CVE-2024-13924:
WordPress vulnerability analysis and mitigation
Overview
The Starter Templates by FancyWP plugin for WordPress contains a Blind Server-Side Request Forgery (SSRF) vulnerability in versions up to and including 2.0.0. The vulnerability exists via the 'httprequesthostisexternal' filter, which allows unauthenticated attackers to make web requests to arbitrary locations originating from the web application (NVD).
Technical details
The vulnerability is classified as CWE-918 (Server-Side Request Forgery) with a CVSS v3.1 base score of 9.1 CRITICAL (Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N) according to NIST, while Wordfence assessed it with a CVSS score of 5.3 MEDIUM (Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N) (NVD).
Impact
This vulnerability can be exploited to query and modify information from internal services. The attack vector requires no authentication and can be executed remotely, potentially leading to high impacts on confidentiality and integrity of the affected system (NVD).
Mitigation and workarounds
Users should update their Starter Templates by FancyWP plugin to a version newer than 2.0.0 to mitigate this vulnerability (NVD).
Additional resources
Source: This report was generated using AI
Related WordPress vulnerabilities:
Free Vulnerability Assessment
Benchmark your Cloud Security Posture
Evaluate your cloud security practices across 9 security domains to benchmark your risk level and identify gaps in your defenses.
Additional Wiz resources
Get a personalized demo
Ready to see Wiz in action?
"Best User Experience I have ever seen, provides full visibility to cloud workloads."
David EstlickCISO
"Wiz provides a single pane of glass to see what is going on in our cloud environments."
Adam FletcherChief Security Officer
"We know that if Wiz identifies something as critical, it actually is."
Greg PoniatowskiHead of Threat and Vulnerability Management