CVE-2020-28977

MEDIUM

WordPress Canto Plugin 1.3.0 - Blind Server-Side Request Forgery via get.php

Title source: manual
STIX 2.1

Exploitation Summary

EIP tracks 1 public exploit for CVE-2020-28977.

AI-analyzed exploit summary The exploit describes a Blind SSRF vulnerability in the WordPress Canto plugin version 1.3.0, where an unauthenticated attacker can make requests to internal/external servers via the 'subdomain' parameter in multiple endpoints. The writeup includes technical details such as vulnerable endpoints, reproduction steps, and the necessity of a '?' in the payload for bypass.

Description

The Canto plugin 1.3.0 for WordPress contains blind SSRF vulnerability. It allows an unauthenticated attacker can make a request to any internal and external server via /includes/lib/get.php?subdomain=SSRF.

Exploits (1)

exploitdb WRITEUP
webappsmultiple
https://www.exploit-db.com/exploits/49189

The exploit describes a Blind SSRF vulnerability in the WordPress Canto plugin version 1.3.0, where an unauthenticated attacker can make requests to internal/external servers via the 'subdomain' parameter in multiple endpoints. The writeup includes technical details such as vulnerable endpoints, reproduction steps, and the necessity of a '?' in the payload for bypass.

Classification
Writeup 90%
Attack Type
Ssrf
Complexity
Trivial
Reliability
Reliable
Target: WordPress Canto plugin 1.3.0
No auth needed
Prerequisites: Access to the target WordPress site with the vulnerable plugin installed
devstral-2 · analyzed Feb 19, 2026 Full analysis →

References (5)

Core 5

Scores

CVSS v3 5.3
EPSS 0.1525
EPSS Percentile 96.3%
Attack Vector NETWORK
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N

Details

CWE
CWE-918
Status published
Products (1)
canto/canto 1.3.0
Published Nov 30, 2020
Tracked Since Feb 18, 2026