cleantalk
Vulnerabilities and Security Researches

Cloudflare, f80f3d55a529f665edfbad2a5f56160499fe067f

Application

Cloudflare

Published on
Jan 04, 2024
Research Description
Cloudflare [cloudflare] < 4.12.3

Cloudflare <= 4.12.2 - Missing Authorization via initProxy

The Cloudflare plugin for WordPress is vulnerable to unauthorized access of data due to a missing capability check on the 'initProxy' function in versions up to and including 4.12.2. This makes it possible for authenticated attackers, with subscriber access and above, to send requests proxied through Cloudflare to arbitrary URLs.
Affected versions
max 4.12.3.
Status
vulnerable