The Dropbox Folder Share plugin for WordPress is vulnerable to Server-Side Request Forgery in versions up to, and including, 1.9.7 via the 'link' parameter. This can allow unauthenticated attackers to make web requests to arbitrary locations originating from the web application and can be used to query and modify information from internal services.
References
Configurations
History
07 Nov 2023, 04:17
Type | Values Removed | Values Added |
---|---|---|
CWE |
20 Sep 2023, 13:24
Type | Values Removed | Values Added |
---|---|---|
First Time |
Hynotech
Hynotech dropbox Folder Share |
|
CPE | cpe:2.3:a:hynotech:dropbox_folder_share:*:*:*:*:*:wordpress:*:* | |
References | (MISC) https://plugins.trac.wordpress.org/browser/dropbox-folder-share/trunk/HynoTech/DropboxFolderShare/Principal.php#L118 - Patch | |
References | (MISC) https://www.wordfence.com/threat-intel/vulnerabilities/id/d62bd2bd-db01-479f-89e4-8031d69a912f?source=cve - Third Party Advisory |
17 Sep 2023, 12:00
Type | Values Removed | Values Added |
---|---|---|
New CVE |
Information
Published : 2023-09-16 09:15
Updated : 2023-12-10 15:14
NVD link : CVE-2023-3025
Mitre link : CVE-2023-3025
CVE.ORG link : CVE-2023-3025
JSON object : View
Products Affected
hynotech
- dropbox_folder_share
CWE
No CWE.