CVE-2019-16932

CRITICAL Year: 2019
CVSS v3 Score
10.0
Critical
CVSS v2 Score
5.8
Medium
Weakness Type
CWE-918
View all →

Vulnerability Description

A blind SSRF vulnerability exists in the Visualizer plugin before 3.3.1 for WordPress via wp-json/visualizer/v1/upload-data.

Related Vulnerabilities

CVE-2016-10926

CRITICAL
CVSS:10.0(Critical)

The nelio-ab-testing plugin before 4.5.9 for WordPress has SSRF in ajax/iesupport.php.

CWE-9182016

CVE-2016-10927

CRITICAL
CVSS:10.0(Critical)

The nelio-ab-testing plugin before 4.5.11 for WordPress has SSRF in ajax/iesupport.php.

CWE-9182016

CVE-2017-11291

CRITICAL
CVSS:10.0(Critical)

An issue was discovered in Adobe Connect 9.6.2 and earlier versions. A Server-Side Request Forgery (SSRF) vulnerability exists that could be abused to bypass network access controls.

CWE-9182017

CVE-2017-12905

CRITICAL
CVSS:10.0(Critical)

Server Side Request Forgery vulnerability in Vebto Pixie Image Editor 1.4 and 1.7 allows remote attackers to disclose information or execute arbitrary code via the url parameter to Launderer.php.

CWE-9182017

CVE-2017-8794

CRITICAL
CVSS:10.0(Critical)

An issue was discovered on Accellion FTA devices before FTA_9_12_180. Because a regular expression (intended to match local https URLs) lacks an initial ^ character, courier/web/1000@/wmProgressval.ht...

CWE-9182017

CVE-2018-10511

CRITICAL
CVSS:10.0(Critical)

A vulnerability in Trend Micro Control Manager (versions 6.0 and 7.0) could allow an attacker to conduct a server-side request forgery (SSRF) attack on vulnerable installations.

CWE-9182018