Security Advisory

CVE-2023-5877

CVE vulnerability detail — eXtreme Datacenter Security Operations

Published 2024-01-01 14:18:58

Last updated 2025-06-03 14:54:16

Assigner WPScan

State PUBLISHED

Description

The affiliate-toolkit WordPress plugin before 3.4.3 lacks authorization and authentication for requests to its affiliate-toolkit-starter/tools/atkp_imagereceiver.php endpoint, allowing unauthenticated visitors to make requests to arbitrary URLs, including RFC1918 private addresses, leading to a Server Side Request Forgery (SSRF) issue.

← Browse all CVEs View on cve.org ↗