Skip to main content

Canto

8 CVEs product

Monthly

CVE-2024-4936 CRITICAL PATCH Act Now

The Canto plugin for WordPress is vulnerable to Remote File Inclusion in all versions up to, and including, 3.0.8 via the abspath parameter. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Epss exploitation probability 11.5%.

LFI PHP WordPress RCE Canto
NVD
CVSS 3.1
9.8
EPSS
11.5%
CVE-2024-25096 CRITICAL Act Now

Improper Control of Generation of Code ('Code Injection') vulnerability in Canto Inc. Rated critical severity (CVSS 10.0), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

RCE Code Injection Canto
NVD
CVSS 3.1
10.0
EPSS
1.0%
CVE-2023-3452 CRITICAL POC PATCH THREAT Act Now

The Canto plugin for WordPress is vulnerable to Remote File Inclusion in versions up to, and including, 3.0.4 via the 'wp_abspath' parameter. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and EPSS exploitation probability 87.1%.

PHP RCE WordPress LFI Canto
NVD
CVSS 3.1
9.8
EPSS
87.1%
Threat
6.1
CVE-2022-40305 CRITICAL POC Act Now

A Server-Side Request Forgery issue in Canto Cumulus through 11.1.3 allows attackers to enumerate the internal network, overload network resources, and possibly have unspecified other impact via the. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

SSRF Canto
NVD
CVSS 3.1
9.8
EPSS
1.2%
CVE-2020-28978 MEDIUM POC THREAT This Month

The Canto plugin 1.3.0 for WordPress contains blind SSRF vulnerability. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

WordPress SSRF PHP Canto
NVD GitHub Exploit-DB
CVSS 3.1
5.3
EPSS
15.3%
CVE-2020-28977 MEDIUM POC THREAT This Month

The Canto plugin 1.3.0 for WordPress contains blind SSRF vulnerability. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

WordPress SSRF PHP Canto
NVD GitHub Exploit-DB
CVSS 3.1
5.3
EPSS
15.3%
CVE-2020-28976 MEDIUM POC THREAT This Month

The Canto plugin 1.3.0 for WordPress contains a blind SSRF vulnerability. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

WordPress SSRF PHP Canto
NVD GitHub Exploit-DB
CVSS 3.1
5.3
EPSS
27.8%
CVE-2020-24063 HIGH This Week

The Canto plugin 1.3.0 for WordPress allows includes/lib/download.php?subdomain= SSRF. Rated high severity (CVSS 7.2), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

WordPress SSRF PHP Canto
NVD GitHub
CVSS 3.1
7.2
EPSS
1.4%
EPSS 11% CVSS 9.8
CRITICAL PATCH Act Now

The Canto plugin for WordPress is vulnerable to Remote File Inclusion in all versions up to, and including, 3.0.8 via the abspath parameter. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Epss exploitation probability 11.5%.

LFI PHP WordPress +2
NVD
EPSS 1% CVSS 10.0
CRITICAL Act Now

Improper Control of Generation of Code ('Code Injection') vulnerability in Canto Inc. Rated critical severity (CVSS 10.0), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

RCE Code Injection Canto
NVD
EPSS 87% 6.1 CVSS 9.8
CRITICAL POC PATCH THREAT Act Now

The Canto plugin for WordPress is vulnerable to Remote File Inclusion in versions up to, and including, 3.0.4 via the 'wp_abspath' parameter. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and EPSS exploitation probability 87.1%.

PHP RCE WordPress +2
NVD
EPSS 1% CVSS 9.8
CRITICAL POC Act Now

A Server-Side Request Forgery issue in Canto Cumulus through 11.1.3 allows attackers to enumerate the internal network, overload network resources, and possibly have unspecified other impact via the. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

SSRF Canto
NVD
EPSS 15% CVSS 5.3
MEDIUM POC THREAT This Month

The Canto plugin 1.3.0 for WordPress contains blind SSRF vulnerability. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

WordPress SSRF PHP +1
NVD GitHub Exploit-DB
EPSS 15% CVSS 5.3
MEDIUM POC THREAT This Month

The Canto plugin 1.3.0 for WordPress contains blind SSRF vulnerability. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

WordPress SSRF PHP +1
NVD GitHub Exploit-DB
EPSS 28% CVSS 5.3
MEDIUM POC THREAT This Month

The Canto plugin 1.3.0 for WordPress contains a blind SSRF vulnerability. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

WordPress SSRF PHP +1
NVD GitHub Exploit-DB
EPSS 1% CVSS 7.2
HIGH This Week

The Canto plugin 1.3.0 for WordPress allows includes/lib/download.php?subdomain= SSRF. Rated high severity (CVSS 7.2), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

WordPress SSRF PHP +1
NVD GitHub

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy