Description
WordPress Plugin Telefication is prone to a server-side request forgery vulnerability. An attacker may leverage this issue to make the vulnerable server perform port scanning of hosts in internal or external networks; other attacks are also possible. WordPress Plugin Telefication version 1.8.0 is vulnerable; prior versions may also be affected.
Remediation
Update to plugin version 1.8.1 or latest
References
https://www.wordfence.com/vulnerability-advisories/#CVE-2021-39339
https://plugins.svn.wordpress.org/telefication/trunk/README.txt
Related Vulnerabilities
PHP Other Vulnerability (CVE-2006-4481)
Drupal Core 5.x Cross-Site Request Forgery (5.0 - 5.2)
WordPress Plugin HyperComments Arbitrary File Deletion (1.2.2)
IBM RTC Files or Directories Accessible to External Parties Vulnerability (CVE-2017-1602)
WordPress Plugin MediaRSS external gallery TimThumb Arbitrary File Upload (0.1)