The Canto plugin 1.3.0 for WordPress allows server-side request forgery (SSRF) via the subdomain parameter of includes/lib/download.php.
Source: https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-24063
Reference(s):
- https://gist.github.com/Hakooraevil/264cb21034f946eee62371e9111c36bb
- https://github.com/CantoDAM/Canto-Wordpress-Plugin
- https://wordpress.org/plugins/canto/#developers
- https://www.canto.com/integrations/wordpress/