Description
WordPress Plugin JSM file_get_contents() Shortcode is prone to a server-side request forgery vulnerability. An attacker may leverage this issue to make the vulnerable server perform port scanning of hosts in internal or external networks; other attacks are also possible. WordPress Plugin JSM file_get_contents() Shortcode version 2.7.0 is vulnerable; prior versions may also be affected.
Remediation
Update to plugin version 2.7.1 or latest
References
https://research.cleantalk.org/cve-2023-6991-jsm-file_get_contents-shortcode-ssrf-poc/
https://plugins.svn.wordpress.org/wp-file-get-contents/trunk/readme.txt
Related Vulnerabilities
WordPress Plugin Blue Wrench Video Widget Cross-Site Request Forgery (1.0.5)
WordPress Plugin Themify Portfolio Post Cross-Site Scripting (1.1.5)
WebLogic Unrestricted Upload of File with Dangerous Type Vulnerability (CVE-2021-21350)
WordPress Plugin Social Media Widget by Acurax Multiple Unspecified Vulnerabilities (3.2.3)
MyBB Exposure of Sensitive Information to an Unauthorized Actor Vulnerability (CVE-2016-9411)