CVE-2024-13695 | Teknoloji dünyasından en güncel haberleri ve güvenlikle ilgili gelişmeleri takip edin.

The Enfold theme for WordPress is vulnerable to Server-Side Request Forgery in all versions up to, and including, 6.0.9 via the 'attachment_id' parameter. This…
Medium CVSS: 6.4

CVE-2024-13695

The Enfold theme for WordPress is vulnerable to Server-Side Request Forgery in all versions up to, and including, 6.0.9 via the 'attachment_id' parameter. This makes it possible for authenticated attackers, with Subscriber-level access and above, to make web requests to arbitrary locations originating from the web application and can be used to query and modify information from internal services.
Vendor
Kriesi
Product
Enfold
CWE
CWE-918
Yayın Tarihi
2025-02-25 10:15:09
Güncelleme
2025-02-28 01:34:39
Source Identifier
security@wordfence.com
KEV Date Added
-

Kategoriler

CWE-918 Enfold MEDIUM Kriesi 2025

Referanslar

https://themeforest.net/item/enfold-responsive-multipurpose-theme/4519990#item-description__changelog https://www.wordfence.com/threat-intel/vulnerabilities/id/b55722f9-a0b9-4484-bd3b-c21dbe5716ee?source=cve