CVE-2026-33407 | ellite Wallos up to 4.6.x Endpoint search.php HTTP_PROXY/HTTPS_PROXY server-side request forgery

Inserito da Angelo Barbosa | Mar 24, 2026 | CVE

A vulnerability, which was classified as critical, has been found in ellite Wallos up to 4.6.x. This issue affects some unknown processing of the file endpoints/logos/search.php of the component Endpoint. The manipulation of the argument HTTP_PROXY/HTTPS_PROXY leads to server-side request forgery.

This vulnerability is traded as CVE-2026-33407. It is possible to initiate the attack remotely. There is no exploit available.

It is advisable to upgrade the affected component.

CVE-2026-33407 | ellite Wallos up to 4.6.x Endpoint search.php HTTP_PROXY/HTTPS_PROXY server-side request forgery

Post correlati

CVE-2022-23179 | Contact Form & Lead Form Elementor Builder Plugin up to 1.6.x on WordPress cross site scripting

CVE-2024-7514 | Comments Import & Export Plugin up to 2.3.7 on WordPress path traversal

CVE-2024-56224 | Ledenbeheer Plugin up to 2.1.0 on WordPress cross site scripting

CVE-2025-54905 | Microsoft