ssrf vulnerabilities and exploits

7.5
CVSSv2
CVE-2018-7667

Adminer through 4.3.1 has SSRF via the server parameter....

7.5
CVSSv2
CVE-2018-20596

Jspxcms v9.0.0 allows SSRF....

5
CVSSv2
CVE-2017-9066

In WordPress before 4.7.5, there is insufficient redirect validation in the HTTP class, leading to SSRF....

WordpressDebianDebian Linux
4.3
CVSSv2
CVE-2017-9063

In WordPress before 4.7.5, a cross-site scripting (XSS) vulnerability related to the Customizer exists, involving an invalid customization session....

WordpressDebianDebian Linux
6.8
CVSSv2
CVE-2017-9064

In WordPress before 4.7.5, a Cross Site Request Forgery (CSRF) vulnerability exists in the filesystem credentials dialog because a nonce is not required for updating credentials....

WordpressDebianDebian Linux
4.3
CVSSv2
CVE-2017-9061

In WordPress before 4.7.5, a cross-site scripting (XSS) vulnerability exists when attempting to upload very large files, because the error message does not properly restrict presentation of the filename....

WordpressDebianDebian Linux
5
CVSSv2
CVE-2017-9062

In WordPress before 4.7.5, there is improper handling of post meta data values in the XML-RPC API....

WordpressDebianDebian Linux
5
CVSSv2
CVE-2017-9065

In WordPress before 4.7.5, there is a lack of capability checks for post meta data in the XML-RPC API....

WordpressDebianDebian Linux
5.5
CVSSv2
CVE-2019-14225

OX App Suite 7.10.1 and 7.10.2 allows SSRF....

7.5
CVSSv2
CVE-2019-3905

Zoho ManageEngine ADSelfService Plus 5.x before build 5703 has SSRF....