Security Advisory

CVE-2023-6991

CVE vulnerability detail — eXtreme Datacenter Security Operations

Published 2024-01-15 15:10:41

Last updated 2025-06-11 16:42:03

Assigner WPScan

State PUBLISHED

Description

The JSM file_get_contents() Shortcode WordPress plugin before 2.7.1 does not validate one of its shortcodes parameters before making a request to it, which could allow users with contributor role and above to perform SSRF attacks.

← Browse all CVEs View on cve.org ↗