WordPress Plugin Canto Multiple Server-Side Request Forgery Vulnerabilities (1.7.0)
Description
WordPress Plugin Canto is prone to multiple server-side request forgery vulnerabilities. An attacker may leverage these issues to make the vulnerable server perform port scanning of hosts in internal or external networks; other attacks are also possible. WordPress Plugin Canto version 1.7.0 is vulnerable; prior versions may also be affected.
Remediation
Disable the plugin until a fix is available