CVE-2021-39339

Published: Sep 22, 2021Modified: Nov 21, 2024

5.3

Vector

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L

Exploitability: 3.9 / Impact: 1.4

Source: NVD

Description

The Telefication WordPress plugin is vulnerable to Open Proxy and Server-Side Request Forgery via the ~/bypass.php file due to a user-supplied URL request value that gets called by a curl requests. This affects versions up to, and including, 1.8.0.

Affected (1)

Products: Telefication: Telefication

Telefication

1 product

Telefication

Configuration A

1 vulnerable

Vulnerable Software	Affected Versions
Telefication Telefication	Up to 1.8.0

Related CWEs

CWE-918

Server-Side Request Forgery (SSRF)

The web server receives a URL or similar request from an upstream component and retrieves the contents of this URL, but it does not sufficiently ensure that the request is being sent to the expected destination.

References (4)

https://plugins.trac.wordpress.org/browser/telefication/tags/1.8.0/bypass.php

Source: security@wordfence.com

Third Party Advisory

https://www.wordfence.com/vulnerability-advisories/#CVE-2021-39339

Source: security@wordfence.com

Third Party Advisory

https://plugins.trac.wordpress.org/browser/telefication/tags/1.8.0/bypass.php

Source: af854a3a-2127-422b-91ae-364da2661108

Third Party Advisory

https://www.wordfence.com/vulnerability-advisories/#CVE-2021-39339

Source: af854a3a-2127-422b-91ae-364da2661108

Third Party Advisory

Timeline

No history available yet.