CVE-2024-1758: 
WordPress vulnerability analysis and mitigation

The SuperFaktura WooCommerce plugin for WordPress contains a Server-Side Request Forgery (SSRF) vulnerability in all versions up to and including 1.40.3. The vulnerability exists in the wcsfurl_check function, which was discovered and reported on February 26, 2024 (NVD).

The vulnerability allows authenticated attackers with subscriber-level access or higher to make web requests to arbitrary locations originating from the web application. The severity of this vulnerability is rated as HIGH with a CVSS v3.1 base score of 8.1 (Vector: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:N) according to NVD's assessment, while Wordfence rates it as MEDIUM with a score of 5.4 (Vector: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:N) (NVD).

The vulnerability can be exploited to query and modify information from internal services. This poses a significant security risk as attackers could potentially access and manipulate sensitive internal resources through the compromised web application (NVD).

Users should update their SuperFaktura WooCommerce plugin to a version newer than 1.40.3 to address this vulnerability. A patch has been made available through the WordPress plugin repository (Wordpress Patch).