CVE-2024-13924 – FancyWP WordPress Blind Server-Side Request Forgery Vulnerability

March 8, 2025
2:17 pm

CVE ID : CVE-2024-13924

Published : March 8, 2025, 1:15 p.m. | 59 minutes ago

Description : The Starter Templates by FancyWP plugin for WordPress is vulnerable to Blind Server-Side Request Forgery in all versions up to, and including, 2.0.0 via the ‘http_request_host_is_external’ filter. This makes it possible for unauthenticated attackers to make web requests to arbitrary locations originating from the web application and can be used to query and modify information from internal services.

Severity: 5.3 | MEDIUM

Visit the link for more details, such as CVSS details, affected products, timeline, and more…

CVE-2024-13924 – FancyWP WordPress Blind Server-Side Request Forgery Vulnerability

Elvescore.io

Recent Posts

CVE-2024-11640 – VikRentCar WordPress Car Rental Management System CSRF Arbitrary File Upload Vulnerability

CVE-2024-13649 – Elementor Xpro Addons for WordPress Stored Cross-Site Scripting Vulnerability

CVE-2024-13675 – FunnelKit (WooFunnels) SlingBlocks Stored Cross-Site Scripting Vulnerability

CVE-2025-1664 – WordPress Gutenberg Blocks, Patterns & Templates Stored Cross-Site Scripting Vulnerability

CVE-2024-10326 – Elementor RomethemeKit WordPress Unauthenticated Data Modification Vulnerability