Description Plone before 5.2.3 allows SSRF attacks via the tracebacks feature (only available to the Manager role). Remediation References CVE-2020-28735 Related Vulnerabilities WordPress Plugin Software License Manager Cross-Site Scripting (4.4.7) WordPress Plugin Events Manager CSV Injection (5.9.7.1) WordPress Plugin RegistrationMagic-Custom Registration Forms, User Registration, Payment, and User Login Security Bypass (5.0.1.7) WordPress Plugin WP Mail Logging Cross-Site Scripting (1.11.1) WordPress Plugin WPtouch 'wptouch_redirect' Parameter URI Redirection (1.9.32) Severity High Classification CVE-2020-28735 CWE-918 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H Tags Missing Update Known Vulnerabilities