2024-01-01 14:18:58
WPScan
PUBLISHED
The affiliate-toolkit WordPress plugin before 3.4.3 lacks authorization and authentication for requests to its affiliate-toolkit-starter/tools/atkp_imagereceiver.php endpoint, allowing unauthenticated visitors to make requests to arbitrary URLs, including RFC1918 private addresses, leading to a Server Side Request Forgery (SSRF) issue.