Canto <= 1.7.0 is vulnerable to Unauthenticated Blind Server-Side Request Forgery (SSRF)

N/A
Published
2020-11-30

The Canto plugin 1.9.0 for WordPress contains a blind SSRF vulnerability. It allows an unauthenticated attacker to make a request to any internal or external server via /includes/lib/detail.php?subdomain=SSRF.

CVSS

Score: Unknown

Severity: Unknown

Version: 1.7.0

There is a patch available in v1.7.1 and we strongly recommend you update to this version as soon as possible.
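For sites that ran an affected version, web access logs can be reviewed for requests to the endpoint named above. The following is an added example, not code from the plugin or from this advisory: it flags requests to `/includes/lib/detail.php` whose `subdomain` value is not a single DNS label. That a legitimate value is a single label is an assumption, and the log lines, the path prefix in them and the function names are constructed for illustration.

```python
import re
from urllib.parse import urlsplit, parse_qs

# Path suffix and parameter name are taken from the advisory text.
ENDPOINT_SUFFIX = "/includes/lib/detail.php"
PARAM = "subdomain"

# Assumption: a legitimate value is one DNS label (letters, digits, hyphens).
PLAIN_LABEL = re.compile(r"[A-Za-z0-9](?:[A-Za-z0-9-]{0,61}[A-Za-z0-9])?")

# Combined Log Format: client ... "METHOD target PROTO" status ...
REQUEST = re.compile(r'^(\S+) .*?"[A-Z]+ (\S+) [^"]*" (\d{3})')

# Constructed sample lines (documentation address ranges, made-up values).
PREFIX = "/wp-content/plugins/canto"  # constructed install path for the samples
SAMPLE_LOG = [
    f'198.51.100.7 - - [30/Nov/2020:10:00:00 +0000] "GET {PREFIX}{ENDPOINT_SUFFIX}?subdomain=acme HTTP/1.1" 200 512',
    f'198.51.100.9 - - [30/Nov/2020:10:00:05 +0000] "GET {PREFIX}{ENDPOINT_SUFFIX}?subdomain=192.0.2.50 HTTP/1.1" 200 0',
    f'198.51.100.9 - - [30/Nov/2020:10:00:09 +0000] "GET {PREFIX}{ENDPOINT_SUFFIX}?subdomain=host.example.test%3A8080 HTTP/1.1" 500 0',
    '198.51.100.7 - - [30/Nov/2020:10:01:00 +0000] "GET /index.php?subdomain=a.b HTTP/1.1" 200 900',
]

def review_line(line):
    """Return (client, status, values, verdict) for a hit on the endpoint, else None."""
    m = REQUEST.match(line)
    if not m:
        return None
    client, target, status = m.group(1), m.group(2), int(m.group(3))
    parts = urlsplit(target)
    if not parts.path.endswith(ENDPOINT_SUFFIX):
        return None
    # parse_qs percent-decodes, so encoded ':' '/' '.' are checked in clear form.
    values = parse_qs(parts.query, keep_blank_values=True).get(PARAM)
    if values is None:
        return None
    plain = all(PLAIN_LABEL.fullmatch(v) for v in values)
    return client, status, values, "plain-label" if plain else "review"

def scan(lines):
    """Return only the endpoint hits whose parameter value needs review."""
    hits = [review_line(line) for line in lines]
    return [h for h in hits if h and h[3] == "review"]

if __name__ == "__main__":
    for client, status, values, verdict in scan(SAMPLE_LOG):
        print(f"{client} status={status} {PARAM}={values!r} -> {verdict}")
```

Because the SSRF is blind, the logged status code and response size say little about whether the server-side request succeeded; pair any hit with egress or proxy logs from the web server for the same timestamp.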