cleantalk
Vulnerabilities and Security Researches

Assistant – Every Day Productivity Apps, 276a67044e9badbdac5a71b473bf0870347b6461

CVE, Research URL

276a67044e9badbdac5a71b473bf0870347b6461

Home page URL

Security reports for Assistant – Every Day Productivity Apps

Application

Assistant – Every Day Productivity Apps

Published on
Jul 27, 2023
Research Description
Assistant &#8211; Every Day Productivity Apps [assistant] < 1.4.4 Assistant <= 1.4.3 - Authenticated (Editor+) Server Side Request Forgery The Assistant plugin for WordPress is vulnerable to Server-Side Request Forgery in versions up to, and including, 1.4.3 via the /posts/(?P<id>\d+)/library/(?P<library_id>\d+) REST API endpoint. This can allow authenticated attackers, with editor-level capabilities and above, to make web requests to arbitrary locations originating from the web application and can be used to query and modify information from internal services.
Affected versions
Min -, max 1.4.4.
Status
vulnerable
Previous vulnerability researches
Debug Assistant (CVE-2023-26527) , Jun 10, 2024
Debug Assistant (CVE-2023-26516) , Jun 10, 2024
Floating Buttons for WooCommerce (CVE-2024-52395) , Nov 15, 2024
I Am Gloria (CVE-2025-0990) , Mar 06, 2025
AI ChatBot with ChatGPT and Content Generator by AYS (CVE-2024-7714) , Sep 29, 2024
New vulnerability
WooCommerce Booking Bundle Hours (CVE-2025-58991) , Sep 10, 2025
Dynamic Text Field For Contact Form 7 (CVE-2025-58989) , Sep 10, 2025
My Tickets (CVE-2025-58988) , Sep 10, 2025
ZIP Code Based Content Protection (CVE-2025-59008) , Sep 10, 2025
Tutor LMS &#8211; eLearning and online course solution (CVE-2025-58993) , Sep 10, 2025