CWE-918 (服务端请求伪造(SSRF)) — Vulnerability Class 1489

1489 vulnerabilities classified as CWE-918 (服务端请求伪造(SSRF)). AI Chinese analysis included.

CVE ID	Title	CVSS	Severity	Published
CVE-2024-1812	Everest Forms <= 2.0.7 - Unauthenticated Server-Side Request Forgery via font_url — Everest Forms – Contact Form, Payment Form, Quiz, Survey & Custom Form Builder	7.2	High	2024-04-09
CVE-2023-6964	Gutenberg Blocks by Kadence Blocks – Page Builder Features <= 3.1.26 - Authenticated(Contributor+) Server-Side Request Forgery (SSRF) — Kadence Blocks — Page Builder Toolkit for Gutenberg Editor	8.5	High	2024-04-09
CVE-2024-2343	Avada <= 7.11.6 - Authenticated (Contributor+) Server-Side Request Forgery via form_to_url_action — Avada \| Website Builder For WordPress & WooCommerce	6.4	Medium	2024-04-09
CVE-2024-1233	Eap: wildfly-elytron has a ssrf security issue	7.3	High	2024-04-09
CVE-2024-27898	Server-Side Request Forgery in SAP NetWeaver — SAP NetWeaver	5.3	Medium	2024-04-09
CVE-2024-31288	WordPress RapidLoad plugin <= 2.2.11 - Server Side Request Forgery (SSRF) vulnerability — RapidLoad Power-Up for Autoptimize	7.2	High	2024-04-07
CVE-2024-31215	Mobile Security Framework (MobSF) vulnerable to Server-Side Request Forgery (SSRF) in firebase database check — Mobile-Security-Framework-MobSF	6.3	Medium	2024-04-04
CVE-2024-29007	Apache CloudStack: When downloading templates or ISOs, the management server and SSVM follow HTTP redirects with potentially dangerous consequences — Apache CloudStack	8.1	-	2024-04-04
CVE-2024-20332	Cisco Identity Services Engine 安全漏洞 — Cisco Identity Services Engine Software	5.5	Medium	2024-04-03
CVE-2024-30531	WordPress Nelio Content plugin <= 3.2.0 - Server Side Request Forgery (SSRF) vulnerability — Nelio Content	4.9	Medium	2024-04-02
CVE-2024-30532	WordPress Builderall Builder for WordPress plugin <= 2.0.1 - Server Side Request Forgery (SSRF) vulnerability — Builderall Builder for WordPress	4.9	Medium	2024-04-02
CVE-2024-24888	WordPress Gutenberg Blocks by Kadence Blocks plugin <= 3.2.25 - Server Side Request Forgery (SSRF) vulnerability — Gutenberg Blocks by Kadence Blocks	6.4	Medium	2024-04-02
CVE-2024-30453	WordPress Brave plugin <= 0.6.5 - Server Side Request Forgery (SSRF) vulnerability — Brave Popup Builder	5.4	Medium	2024-03-29
CVE-2024-27775	SysAid - CWE-918: Server-Side Request Forgery (SSRF) — SysAid	7.2	High	2024-03-28
CVE-2023-50374	WordPress CMP – Coming Soon & Maintenance Plugin by NiteoThemes plugin <= 4.1.10 - Server Side Request Forgery (SSRF) vulnerability — CMP – Coming Soon & Maintenance	5.5	Medium	2024-03-28
CVE-2023-34370	Server Side Request Forgery (SSRF) vulnerability in Starter Templates plugins — Starter Templates — Elementor, WordPress & Beaver Builder Templates	7.1	High	2024-03-28
CVE-2023-36679	WordPress Spectra plugin <= 2.6.6 - Server Side Request Forgery (SSRF) vulnerability — Spectra	7.1	High	2024-03-28
CVE-2023-39313	WordPress Avada theme <= 7.11.1 - Authenticated Server Side Request Forgery (SSRF) vulnerability — Avada	7.7	High	2024-03-28
CVE-2024-23500	WordPress Kadence Blocks plugin <= 3.2.19 - Server Side Request Forgery (SSRF) vulnerability — Gutenberg Blocks by Kadence Blocks	7.7	High	2024-03-28
CVE-2024-29090	WordPress AI Engine plugin <= 2.1.4 - Server Side Request Forgery (SSRF) vulnerability — AI Engine: ChatGPT Chatbot	6.8	Medium	2024-03-28
CVE-2024-2206	SSRF Vulnerability in gradio-app/gradio — gradio-app/gradio	7.1	-	2024-03-27
CVE-2024-29190	MobSF SSRF Vulnerability on assetlinks_check(act_name, well_knowns) — Mobile-Security-Framework-MobSF	7.5	High	2024-03-22
CVE-2024-2828	lakernote EasyAdmin IndexController.java thumbnail server-side request forgery — EasyAdmin	6.3	Medium	2024-03-22
CVE-2024-2827	lakernote EasyAdmin saveReportFile server-side request forgery — EasyAdmin	6.3	Medium	2024-03-22
CVE-2024-27098	Blind Server-Side Request Forgery (SSRF) using Arbitrary Object Instantiation in GLPI — glpi	6.4	Medium	2024-03-18
CVE-2024-28752	Apache CXF SSRF Vulnerability using the Aegis databinding — Apache CXF	9.1	-	2024-03-15
CVE-2024-1884	Server Side Request Forgery in PaperCut NG/MF — PaperCut NG, PaperCut MF	6.5	Medium	2024-03-14
CVE-2024-2049	Server-Side Request Forgery (SSRF) — Citrix SD-WAN Standard/Premium Editions	6.5	Medium	2024-03-12
CVE-2023-49785	NextChat vulnerable to Server-Side Request Forgery and Cross-site Scripting — NextChat	9.1	Critical	2024-03-11
CVE-2024-27927	RSSHub vulnerable to SSRF in /mastodon, /zjoi, and /m4 — RSSHub	6.5	Medium	2024-03-06

Vulnerabilities classified as CWE-918 (服务端请求伪造(SSRF)) represent 1489 CVEs. The CWE taxonomy describes the weakness; review individual CVEs for product-specific impact.

Goal Reached Thanks to every supporter — we hit 100%!

CWE-918 (服务端请求伪造(SSRF)) — Vulnerability Class 1489