Description
WordPress Plugin Telefication is prone to a server-side request forgery vulnerability. An attacker may leverage this issue to make the vulnerable server perform port scanning of hosts in internal or external networks; other attacks are also possible. WordPress Plugin Telefication version 1.8.0 is vulnerable; prior versions may also be affected.
Remediation
Update to plugin version 1.8.1 or latest
References
https://www.wordfence.com/vulnerability-advisories/#CVE-2021-39339
https://plugins.svn.wordpress.org/telefication/trunk/README.txt
Related Vulnerabilities
WordPress Plugin Gutenberg Block Editor Toolkit-EditorsKit Remote Code Execution (1.31.5)
WordPress Plugin Googmonify Multiple Vulnerabilities (0.5.1)
Roundcube Multiple Cross-site Request Forgery (CSRF) Vulnerabilities (CVE-2014-9587)
Serendipity Exposure of Sensitive Information to an Unauthorized Actor Vulnerability (CVE-2011-3800)