CVE-2024-4260
CoBlocks < 3.1.12 - Contributor+ SSRFThe Page Builder Gutenberg Blocks WordPress plugin before 3.1.12 does not prevent users from pinging arbitrary hosts via some of its shortcodes, which could allow high privilege users such as contributors to perform SSRF attacks.
We have discovered 279,270 live websites that are affected by CVE-2024-4260.
Affected Software
| Product |  GoDaddy CoBlocks |
| Category | Wordpress Plugins |
| Vulnerable Domains | 279,270 live websites (81.53% of GoDaddy CoBlocks install base) |
| Vulnerable Versions |
|
| Vulnerable Versions Count | 124 versions ( 96.88% of all versions) |
Common Weakness Enumeration
CWE-918 Server-Side Request Forgery (SSRF)Details
- Published - Jul 23, 2024
- Updated - Aug 1, 2024
Credits
- Dmitrii Ignatyev (finder)
- WPScan (coordinator)
CWE
CVE References
CWE References
CVE-2024-4260 usage by Country
 United States | 270,590 websites |
 Germany | 1,887 websites |
 GB | 1,329 websites |
 France | 500 websites |
 Japan | 456 websites |
 Netherlands | 433 websites |
 Switzerland | 317 websites |
 Canada | 282 websites |
 Italy | 258 websites |
 Australia | 242 websites |
CVE-2024-4260 usage by TLD
| .com | 204,650 websites |
| .org | 20,941 websites |
| .net | 9,685 websites |
| .co.uk | 4,229 websites |
| .ca | 3,104 websites |
| .fr | 1,730 websites |
| .de | 1,538 websites |
| .nl | 1,256 websites |
| .com.au | 1,192 websites |
| .ch | 860 websites |
Vulnerable Versions
Vulnerable versions are highlighted in redWebsites affected by CVE-2024-4260
Top websites that are affected by CVE-2024-4260. Please click on the "Contact us" link to get more information.| Domain | Country | Rank | Contacts |
|---|---|---|---|
| *********.com | United States | ** | |
| ********.*********.com | United States | ** | |
| **********.com | United States | *** | |
| ********.com | United States | *,*** | |
| *********.com | United States | *,*** | |
| *******.com | United States | *,*** | |
| ***********.com | United States | *,*** | |
| **********.com | United States | *,*** | |
| ********.org | United States | *,*** | |
| ****************.com | United States | *,*** |
FAQ
CVE-2024-4260 is Server-Side Request Forgery (SSRF) in GoDaddy CoBlocks
A total of 279,270 websites have been identified as vulnerable to CVE-2024-4260, discovered through global website indexing conducted by WebTechSurvey.
GoDaddy CoBlocks is susceptible to CVE-2024-4260 vulnerability.
GoDaddy CoBlocks versions before 3.1.12 are vulnerable to CVE-2024-4260.
Version 3.1.12 of GoDaddy CoBlocks addresses the CVE-2024-4260 security vulnerability.