关键信息 漏洞名称: WordPress WPThumb Plugin <= 0.10 is vulnerable to Server Side Request Forgery (SSRF) 优先级: Low priority 受影响版本: <= 0.10 官方修复: No official fix available 风险: - CVSS评分: 4.0 - 描述: Server Side Request Forgery (SSRF) allows a malicious actor to cause a website to execute website requests to an arbitrary domain of the attacker. This could allow a malicious actor to find sensitive information of other services running on the system. 警告: This software is likely abandoned! It was last updated over a year ago and will likely not receive further updates or fixes. 解决方案: - Remove and replace software. This software was last updated over a year ago and will likely not receive further updates or fixes. Note that deactivating the software does not remove the security threat unless a vPatch is deployed. 详细信息: - 软件: WPThumb - 类型: Plugin - 易受攻击的版本: <= 0.10 - 报告日期: 18 May 2023 - 发布日期: 19 Jun 2023