CVE-2020-28978

MEDIUM

Canto - SSRF

Title source: rule

Description

The Canto plugin 1.3.0 for WordPress contains blind SSRF vulnerability. It allows an unauthenticated attacker can make a request to any internal and external server via /includes/lib/tree.php?subdomain=SSRF.

Exploits (1)

exploitdb WRITEUP

webappsmultiple

https://www.exploit-db.com/exploits/49189

View Code ZIP pw:eip

References (5)

[Third Party Advisory, VDB Entry] http://packetstormsecurity.com/files/160358/WordPress-Canto-1.3.0-Server-Side-Request-Forgery.html

[Third Party Advisory] https://gist.github.com/p4nk4jv/87aebd999ce4b28063943480e95fd9e0

[Product] https://github.com/CantoDAM/Canto-Wordpress-Plugin

View Writeup ZIP pw:eip

[Release Notes] https://wordpress.org/plugins/canto/#developers

[Product] https://www.canto.com/integrations/wordpress/

Scores

CVSS v3 5.3

EPSS 0.1041

EPSS Percentile 93.2%

Attack Vector NETWORK

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N

Details

CWE

CWE-918

Status published

Products (1)

canto/canto 1.3.0

Published Nov 30, 2020

Tracked Since Feb 18, 2026