CVE-2024-23825

Source
https://nvd.nist.gov/vuln/detail/CVE-2024-23825
Import Source
https://storage.googleapis.com/osv-test-cve-osv-conversion/osv-output/CVE-2024-23825.json
JSON Data
https://api.test.osv.dev/v1/vulns/CVE-2024-23825
Aliases
  • GHSA-x8rf-c8x6-mrpg
Published
2024-01-30T16:22:04.876Z
Modified
2025-11-30T11:29:10.599149Z
Severity
  • 3.0 (Low) CVSS_V3 - CVSS:3.1/AV:N/AC:H/PR:H/UI:N/S:C/C:L/I:N/A:N
Summary
TablePress SSRF vulnerability due to insufficient filtering of cloud provider hosts
Details

TablePress is a table plugin for WordPress. For importing tables, TablePress makes external HTTP requests based on a URL that is provided by the user. That user input is filtered insufficiently, which makes it possible to send requests to unintended network locations and receive responses. On sites in a cloud environment like AWS, an attacker can potentially make GET requests to the instance's metadata REST API. If the instance's configuration is insecure, this can lead to the exposure of internal data, including credentials. This vulnerability is fixed in 2.2.5.

Database specific
{
    "cwe_ids": [
        "CWE-918"
    ],
    "cna_assigner": "GitHub_M",
    "osv_generated_from": "https://github.com/CVEProject/cvelistV5/tree/main/cves/2024/23xxx/CVE-2024-23825.json"
}
References

Affected packages

Git / github.com/tablepress/tablepress

Affected ranges

Type
GIT
Repo
https://github.com/tablepress/tablepress
Events
Introduced
0 Unknown introduced commit / All previous commits are affected
Fixed

Affected versions

0.*

0.4-alpha
0.5-alpha
0.6-beta
0.7-beta
0.8-beta
0.9-RC

1.*

1.0
1.1
1.1.1
1.10
1.11
1.12
1.13
1.14
1.2
1.3
1.4
1.5
1.5.1
1.6
1.6.1
1.7
1.8
1.8.1
1.9
1.9.1
1.9.2

2.*

2.0
2.0-RC1
2.0-RC2
2.0-RC3
2.0-beta1
2.0-beta2
2.0.1
2.0.2
2.0.3
2.0.4
2.1
2.1.1
2.1.2
2.1.3
2.1.4
2.1.5
2.1.6
2.1.7
2.1.8
2.2
2.2.1
2.2.2
2.2.3
2.2.4