Pdf Generator For Wordpress
Monthly
Server-Side Request Forgery in WP Swings' PDF Generator for WordPress plugin (all versions up to and including 1.6.2) lets remote attackers coerce the WordPress server into issuing attacker-controlled outbound requests, with a scope-changed impact reaching adjacent internal systems. Reported by Patchstack and tracked as CWE-918 with a CVSS 3.1 base score of 7.2, it currently has no public exploit identified at time of analysis and is not listed in CISA KEV. Because the scope is changed (S:C), successful abuse can pivot the server against internal metadata endpoints, intranet services, or cloud IMDS resources beyond the WordPress host itself.
Server-Side Request Forgery in WP Swings' PDF Generator for WordPress plugin (all versions up to and including 1.6.2) lets remote attackers coerce the WordPress server into issuing attacker-controlled outbound requests, with a scope-changed impact reaching adjacent internal systems. Reported by Patchstack and tracked as CWE-918 with a CVSS 3.1 base score of 7.2, it currently has no public exploit identified at time of analysis and is not listed in CISA KEV. Because the scope is changed (S:C), successful abuse can pivot the server against internal metadata endpoints, intranet services, or cloud IMDS resources beyond the WordPress host itself.