Kargo Takip
Server-side request forgery in the Kargo Takip WordPress plugin (versions through 1.2) allows unauthenticated remote attackers to make the site issue HTTP requests to a URL of their choosing via the 'api_url' parameter, reaching internal services the attacker cannot contact directly. Because the plugin returns to the requester the value of any 'auth' key in the JSON response it receives, the attacker reads that part of the response directly instead of inferring it from timing or error behaviour; a cloud instance metadata endpoint that answers with credentials under such a key is the kind of target this enables. No public exploit had been identified at the time of analysis, and the plugin is not listed in CISA KEV.
Kargo Takip versions prior to 0.2.4 contain a missing authorization vulnerability: requests that modify data are not checked against the caller's privileges, so any authenticated user can perform actions that should be restricted to privileged roles. An attacker with valid credentials could use this to alter shipment tracking information or other protected resources. No patch is currently available for this vulnerability.
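The following is an added illustration, not code from the Kargo Takip plugin: a hypothetical admin-ajax tracking handler shown first in the shape the two advisories describe (reachable without authentication, fetching a caller-supplied 'api_url' and echoing a field of the response; a data-modifying handler with no capability check), then hardened. The hook names, the 'tracking' and 'post_id' parameters, the 'edit_posts' capability and the allowed carrier host are assumptions made for the example.

```php
<?php
/*
 * Added example, not the Kargo Takip plugin's own code. Hook names,
 * parameters, capability and allowed host are assumptions.
 */

/* ---- Vulnerable shape (hypothetical) ---------------------------------- */
// Would be hooked for logged-out and logged-in callers alike:
//   add_action( 'wp_ajax_nopriv_kt_track', 'kt_track_vulnerable' );
//   add_action( 'wp_ajax_kt_track',        'kt_track_vulnerable' );
function kt_track_vulnerable() {
	$api_url  = isset( $_POST['api_url'] ) ? $_POST['api_url'] : '';
	$response = wp_remote_get( $api_url ); // SSRF: the server fetches whatever URL the caller names
	$body     = json_decode( wp_remote_retrieve_body( $response ), true );
	// Whatever the fetched service put under 'auth' (an instance-metadata
	// credential, an internal service token) goes straight back to the caller.
	wp_send_json( array( 'auth' => isset( $body['auth'] ) ? $body['auth'] : null ) );
}

// Would be hooked as: add_action( 'wp_ajax_kt_update_shipment', 'kt_update_shipment_vulnerable' );
function kt_update_shipment_vulnerable() {
	// wp_ajax_ only requires a session; nothing checks what this account may edit,
	// so a subscriber can rewrite tracking data on any shipment.
	update_post_meta( absint( $_POST['post_id'] ), '_kt_tracking_no', $_POST['tracking'] );
	wp_send_json_success();
}

/* ---- Hardened shape ---------------------------------------------------- */
define( 'KT_ALLOWED_API_HOSTS', array( 'api.carrier.example' ) ); // assumed allowlist

// Authorization shared by every handler that touches protected data:
// a nonce (CSRF) plus a capability (privilege). Being logged in is not enough.
function kt_authorize( $action, $capability ) {
	check_ajax_referer( $action, 'nonce' ); // dies on a missing or bad nonce
	if ( ! current_user_can( $capability ) ) {
		wp_send_json_error( 'forbidden', 403 ); // dies
	}
}

// Accept a caller-supplied URL only if it is https, carries no credentials and
// its host is on the allowlist. wp_safe_remote_get() refuses some private
// address ranges on its own, but the allowlist is the control that keeps the
// server off internal services.
function kt_validate_api_url( $url ) {
	$p = wp_parse_url( $url );
	if ( ! is_array( $p ) || empty( $p['host'] ) ) {
		return false;
	}
	if ( ( $p['scheme'] ?? '' ) !== 'https' || isset( $p['user'] ) || isset( $p['pass'] ) ) {
		return false;
	}
	return in_array( strtolower( $p['host'] ), KT_ALLOWED_API_HOSTS, true );
}

add_action( 'wp_ajax_kt_track', 'kt_track_hardened' ); // no wp_ajax_nopriv_ hook: login required
function kt_track_hardened() {
	kt_authorize( 'kt_track', 'edit_posts' );
	$api_url = esc_url_raw( wp_unslash( $_POST['api_url'] ?? '' ) );
	if ( ! kt_validate_api_url( $api_url ) ) {
		wp_send_json_error( 'api_url not allowed', 400 );
	}
	// redirection => 0: a redirect from the allowed host must not re-open the allowlist.
	$response = wp_safe_remote_get( $api_url, array( 'timeout' => 5, 'redirection' => 0 ) );
	if ( is_wp_error( $response ) || 200 !== wp_remote_retrieve_response_code( $response ) ) {
		wp_send_json_error( 'upstream error', 502 );
	}
	$body = json_decode( wp_remote_retrieve_body( $response ), true );
	// Return only the fields the page needs, typed and sanitized; never a raw
	// pass-through of whatever the upstream service answered.
	wp_send_json_success( array(
		'status' => sanitize_text_field( (string) ( $body['status'] ?? '' ) ),
	) );
}

add_action( 'wp_ajax_kt_update_shipment', 'kt_update_shipment_hardened' );
function kt_update_shipment_hardened() {
	kt_authorize( 'kt_update_shipment', 'edit_posts' );
	$post_id = absint( $_POST['post_id'] ?? 0 );
	// Object-level check: 'edit_posts' says "may edit posts in general",
	// 'edit_post' on this ID says "may edit this one".
	if ( ! $post_id || ! current_user_can( 'edit_post', $post_id ) ) {
		wp_send_json_error( 'forbidden', 403 );
	}
	$tracking = sanitize_text_field( wp_unslash( $_POST['tracking'] ?? '' ) );
	update_post_meta( $post_id, '_kt_tracking_no', $tracking );
	wp_send_json_success();
}
```

The two halves are alternatives, not meant to be loaded together; the vulnerable registrations are left as comments for that reason. Two points are easy to miss when fixing reports like these: a redirect from an allowlisted host is still a server-side fetch of an attacker-chosen URL unless redirects are disabled or the redirect target is re-validated, and a capability such as 'edit_posts' does not by itself establish that the caller may modify the particular shipment named in the request, which is why the hardened update handler checks 'edit_post' against the specific ID as well.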