Description
WordPress Plugin Telefication is prone to a server-side request forgery vulnerability. An attacker may leverage this issue to make the vulnerable server perform port scanning of hosts in internal or external networks; other attacks are also possible. WordPress Plugin Telefication version 1.8.0 is vulnerable; prior versions may also be affected.
Remediation
Update to plugin version 1.8.1 or latest
References
https://www.wordfence.com/vulnerability-advisories/#CVE-2021-39339
https://plugins.svn.wordpress.org/telefication/trunk/README.txt
Related Vulnerabilities
Jenkins Deserialization of Untrusted Data Vulnerability (CVE-2017-1000355)
Joomla! Core 1.5.x Security Bypass (1.5.0 - 1.5.6)
Django Incorrect Default Permissions Vulnerability (CVE-2019-19118)
MediaWiki URL Redirection to Untrusted Site ('Open Redirect') Vulnerability (CVE-2017-0363)
WordPress Plugin WPJobBoard Multiple Cross-Site Scripting Vulnerabilities (4.5.1)