CWE-918

Server-Side Request Forgery (SSRF)

Parent: CWE-441 - Unintended Proxy or Intermediary ('Confused Deputy')

The web server receives a URL or similar request from an upstream component and retrieves the contents of this URL, but it does not sufficiently ensure that the request is being sent to the expected destination.

2,740 vulnerabilities with CWE-918
CVE-2024-1467 MEDIUM
Starter Templates - Elementor, WordPress & Beaver Builder Templates...
CVSS 4.3
CVE-2024-33857 CRITICAL
Logpoint SIEM < 7.4.0 - Authenticated Server-Side Request Forgery via Threat Intelligence URL
CVSS 9.6
CVE-2024-33117 MEDIUM
Crmeb Java - Server-Side Request Forgery
CVSS 5.3
CVE-2024-34453 MEDIUM
TwoNav 2.1.13 - Server-Side Request Forgery via Connectivity Test URL Parameter
CVSS 4.3
CVE-2024-34068 MEDIUM
Pterodactyl Panel <1.11.2 - Auth Bypass
CVSS 6.4
CVE-2024-3047 HIGH
PDF Invoices & Packing Slips for WooCommerce <= 3.8.0 - SSRF via transform()
CVSS 7.2
CVE-2024-23336 MEDIUM
MyBB < 1.8.38 - Server-Side Request Forgery via Incomplete Disallowed Remote Addresses List
CVSS 5.0
CVE-2024-33832 MEDIUM
OneNav v0.9.35-20240318 - Server-Side Request Forgery via /index.php?c=api&method=get_link_info
CVSS 6.3
CVE-2024-2663 HIGH
WordPress ZD YouTube FLV Player <1.2.6 - SSRF
CVSS 8.3
CVE-2024-0216 MEDIUM
Google Doc Embedder <= 2.6.4 - Authenticated Server-Side Request Forgery via gview Shortcode
CVSS 6.4
CVE-2024-33590 MEDIUM
BasePress <=2.16.1 - Server-Side Request Forgery
CVSS 5.0
CVE-2024-33634 MEDIUM
Piotnet Addons For Elementor Pro <7.1.17 - SSRF
CVSS 5.4
CVE-2024-33629 MEDIUM
Creative Motion Auto Featured Image <4.0.0 - SSRF
CVSS 4.4
CVE-2024-33627 MEDIUM
Cusmin Absolutely Glamorous Custom Admin <7.2.2 - SSRF
CVSS 4.4
CVE-2024-33592 MEDIUM
SoftLab Radio Player <2.0.73 - SSRF
CVSS 5.4
CVE-2024-32812 MEDIUM
Podlove Podcast Publisher < 4.0.11 - Server-Side Request Forgery
CVSS 5.4
CVE-2024-32803 MEDIUM
SuperFaktura WooCommerce <= 1.40.3 - Server-Side Request Forgery
CVSS 6.4
CVE-2024-32775 MEDIUM
Pavex Embed Google Photos <2.1.9 - SSRF
CVSS 4.9
CVE-2024-32718 MEDIUM
The Pack Elementor addons <= 2.0.8.2 - Server-Side Request Forgery
CVSS 4.9
CVE-2024-32955 MEDIUM
Foliovision FV Flowplayer Video Player <7.5.43.7212 - SSRF
CVSS 4.9
CVE-2024-32819 MEDIUM
Culqi < 3.0.14 - Server-Side Request Forgery
CVSS 4.9
CVE-2024-32407 HIGH
inducer relate < 2024.1 - Remote Code Execution via Page Sandbox Feature
CVSS 8.8
CVE-2024-27347 MEDIUM
Apache HugeGraph-Hubble <1.3.0 - SSRF
CVSS 5.3
CVE-2024-31993 MEDIUM
Mealie < 1.4.0 - Server-Side Request Forgery via Recipe Image Scraping
CVSS 6.2
CVE-2024-31991 MEDIUM
Mealie < 1.4.0 - Authenticated Server-Side Request Forgery via safe_scrape_html Function
CVSS 4.1