| |
Vulnerability CVE-2024-2090
Published: 2024-08-01
| Description: |
The Remote Content Shortcode plugin for WordPress is vulnerable to Server-Side Request Forgery in all versions up to, and including, 1.5 via the remote_content shortcode. This makes it possible for authenticated attackers, with contributor-level access and above, to make web requests to arbitrary locations originating from the web application and can be used to query and modify information from internal services. |
References: |
https://www.wordfence.com/threat-intel/vulnerabilities/id/ec93f360-2eed-4858-b36f-8cc17f7b4ac1?source=cve
https://wordpress.org/plugins/remote-content-shortcode/
|
|
|
Copyright 2026, cxsecurity.com
|
|
|
