Canto, CVE-2020-28978

CVE, Research URL: CVE-2020-28978
Home page URL: Security reports for Canto
Application: Canto
Published on: Nov 30, 2020
Research Description: The Canto plugin 1.3.0 for WordPress contains blind SSRF vulnerability. It allows an unauthenticated attacker can make a request to any internal and external server via /includes/lib/tree.php?subdomain=SSRF.
Affected versions: max 2.0.1.
Status: vulnerable