The Canto plugin 1.3.0 for WordPress contains blind SSRF vulnerability. It allows an unauthenticated attacker can make a request to any internal and external server via /includes/lib/tree.php?subdomainSSRF.
Publication date: Mon, 30 Nov 2020 20:15:00 +0000