WordPress Plugin All in One Social Lite Server-Side Request Forgery (1.0)

Description

WordPress Plugin All in One Social Lite is prone to a server-side request forgery vulnerability. An attacker may leverage this issue to make the vulnerable server perform port scanning of hosts in internal or external networks; other attacks are also possible. WordPress Plugin All in One Social Lite version 1.0 is vulnerable.

Remediation

Edit the source code to ensure that input is properly validated or disable the plugin until a fix is available

References