{"uuid": "c3c779cf-8c3f-4f57-8e1a-b612edac90ff", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2023-5877", "type": "seen", "source": "https://t.me/cibsecurity/74086", "content": "\u203c\ufe0fCVE-2023-5877\u203c\ufe0f\n\nThe affiliatetoolkit WordPress plugin before 3.4.3 lacks authorization and authentication for requests to its affiliatetoolkitstartertoolsatkpimagereceiver.php endpoint, allowing unauthenticated visitors to make requests to arbitrary URLs, including RFC1918 private addresses, leading to a Server Side Request Forgery (SSRF) issue.\n\n\ud83d\udcd6 Read more\n\nVia \"National Vulnerability Database\"", "creation_timestamp": "2024-01-02T01:30:45.000000Z"}