2026-01-24 07:26:41
Wordfence
PUBLISHED
The Frontis Blocks plugin for WordPress is vulnerable to Server-Side Request Forgery in all versions up to, and including, 1.1.6. This is due to insufficient restriction on the url parameter in the template_proxy function. This makes it possible for unauthenticated attackers to make web requests to arbitrary locations originating from the web application via the /template-proxy/ and /proxy-image/ endpoints.