CVE-2026-0807

Published: Gen 24, 2026 Last Modified: Gen 26, 2026
ExploitDB:
Other exploit source:
Google Dorks:
HIGH 7,2
Source: [email protected]
Attack Vector: network
Attack Complexity: low
Privileges Required: none
User Interaction: none
Scope: changed
Confidentiality: low
Integrity: low
Availability: none

Description

AI Translation Available

The Frontis Blocks plugin for WordPress is vulnerable to Server-Side Request Forgery in all versions up to, and including, 1.1.6. This is due to insufficient restriction on the 'url' parameter in the 'template_proxy' function. This makes it possible for unauthenticated attackers to make web requests to arbitrary locations originating from the web application via the '/template-proxy/' and '/proxy-image/' endpoint.

EPSS (Exploit Prediction Scoring System)

Trend Analysis

EPSS (Exploit Prediction Scoring System)

Prevede la probabilità di sfruttamento basata su intelligence sulle minacce e sulle caratteristiche della vulnerabilità.

EPSS Score
0,0005
Percentile
0,2th
Updated

EPSS Score Trend (Last 3 Days)

918

Server-Side Request Forgery (SSRF)

Incomplete
Abstraction: Base Structure: Simple
Common Consequences
Security Scopes Affected:
Confidentiality Integrity Access Control
Potential Impacts:
Read Application Data Execute Unauthorized Code Or Commands Bypass Protection Mechanism
Applicable Platforms
Technologies: AI/ML, Web Based, Web Server
View CWE Details
https://plugins.trac.wordpress.org/browser/frontis-blocks/t…
https://plugins.trac.wordpress.org/browser/frontis-blocks/tags/1.1.4/includes/A…
https://plugins.trac.wordpress.org/browser/frontis-blocks/t…
https://plugins.trac.wordpress.org/browser/frontis-blocks/trunk/includes/Admin/…
https://plugins.trac.wordpress.org/changeset/3444616/
https://plugins.trac.wordpress.org/changeset/3444616/
https://www.wordfence.com/threat-intel/vulnerabilities/id/3…
https://www.wordfence.com/threat-intel/vulnerabilities/id/322e0a27-9119-4b46-a0…