Description
It was determined that the web application performs a server-side rendering/processing of a user supplied data in insecure way. An unauthenticated attacker could use this vulnerability to send requests to restricted services. Also, in certain cases, it may be possible to read arbitrary local files of the system.
Remediation
Sanitize user's data
References
Related Vulnerabilities
WordPress Plugin Mapplic-Custom Interactive Map Server-Side Request Forgery (6.1)
WordPress Plugin GiveWP-Donation and Fundraising Platform Multiple Vulnerabilities (2.25.1)
Deserialization of Untrusted Data (XStream)
WordPress Plugin Import all XML, CSV & TXT into WordPress Server-Side Request Forgery (6.5.2)