CVE-2019-11565
CRITICALPrint My Blog < 1.6.7 - Server-Side Request Forgery via Site Parameter
Title source: llmDescription
Server Side Request Forgery (SSRF) exists in the Print My Blog plugin before 1.6.7 for WordPress via the site parameter.
References (5)
Core 5
Core References
Exploit, Issue Tracking, Third Party Advisory x_refsource_misc
http://dumpco.re/bugs/wp-plugin-print-my-blog-ssrf
Release Notes, Third Party Advisory x_refsource_misc
https://wordpress.org/plugins/print-my-blog/#developers
Patch, Third Party Advisory x_refsource_misc
https://github.com/mnelson4/printmyblog/commit/8584a2839a541eb29fca64252e388c827af3ec21
Patch, Third Party Advisory x_refsource_misc
https://plugins.trac.wordpress.org/changeset?old_path=%2Fprint-my-blog%2Ftrunk&old=2075667&new_path=%2Fprint-my-blog%2Ftrunk&new=2075667
Third Party Advisory x_refsource_misc
https://wpvulndb.com/vulnerabilities/9263
Scores
CVSS v3
9.8
EPSS
0.0282
EPSS Percentile
84.8%
Attack Vector
NETWORK
CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
Details
CWE
CWE-918
Status
published
Products (1)
print_my_blog_project/print_my_blog
< 1.6.7
Published
Apr 27, 2019
Tracked Since
Feb 18, 2026