Description
WordPress Plugin PhonePe Payment Solutions is prone to a server-side request forgery vulnerability. An attacker may leverage this issue to make the vulnerable server perform port scanning of hosts in internal or external networks; other attacks are also possible. WordPress Plugin PhonePe Payment Solutions version 1.0.15 is vulnerable; prior versions may also be affected.
Remediation
Update to plugin version 2.0.0 or latest
References
Related Vulnerabilities
Oracle JRE CVE-2024-20919 Vulnerability (CVE-2024-20919)
Jenkins Exposure of Sensitive Information to an Unauthorized Actor Vulnerability (CVE-2018-1000410)
Zope Web Application Server CVE-2011-3587 Vulnerability (CVE-2011-3587)
WordPress Plugin Custom Field Suite Cross-Site Request Forgery (2.5.15)