Plugin Vulnerability Hub
Plugin | 9 known issues | Latest disclosed Apr 16, 2026

Canto Vulnerabilities

Review known vulnerability records for the WordPress plugin Canto (`canto`), including severity, CVE references, affected versions, and patch status.

Recent tracked CVEs on this page include CVE-2026-6441, CVE-2026-3335 and CVE-2024-4936, so operators can jump from disclosure to patch validation without scanning the full feed first.

Known Records: 9
High or Critical: 7
Patch Coverage: 100%
Last Updated: Apr 16, 2026
Coverage Snapshot

What this page helps you verify fast

This hub clusters every indexed record for Canto so operators can confirm whether a disclosed issue maps to the installed slug, version range, and patch path.

Patch Visibility: 9 records include a published patch path, leaving 0 with no listed safe release yet.
Severity Mix: 3 critical and 4 high severity findings.
Recent CVEs: CVE-2026-6441, CVE-2026-3335 and CVE-2024-4936
Reference Workflow: Jump from the hub into the full report when you need remediation notes, exploit context, CVSS vectors, or source references.
Triage First

Open the records most likely to drive action

These recent records surface the CVE strings, patch cues, and direct report links most operators need first.

Known Vulnerabilities

Reports for Canto

Sorted by latest disclosure date so newly published issues surface first.

Plugin | Medium | Patched: No | CVE-2026-6441
Canto <= 3.1.1 - Missing Authorization to Authenticated (Subscriber+) Arbitrary Setting Modification

The Canto plugin for WordPress is vulnerable to Missing Authorization in versions up to and including 3.1.1. This is due to the absence of any capability check or nonce verification in the updateOptions() function, which is exposed via two AJAX hooks: wp_ajax_updateOptions (class...

Published: Apr 16, 2026
Patched Release: Not published
Affected Versions: Versions up to 3.1.1
Next Step: Open the full report for remediation notes and references.
Plugin | Medium | Patched: No | CVE-2026-3335
Canto <= 3.1.1 - Missing Authorization to Unauthenticated File Upload

The Canto plugin for WordPress is vulnerable to Missing Authorization in all versions up to, and including, 3.1.1 via the `/wp-content/plugins/canto/includes/lib/copy-media.php` file. This is due to the file being directly accessible without any authentication, authorization, or...

Published: Mar 20, 2026
Patched Release: Not published
Affected Versions: Versions up to 3.1.1
Next Step: Open the full report for remediation notes and references.
Plugin | Critical | Patched: Yes | CVE-2024-4936
Canto <= 3.0.8 - Unauthenticated Remote File Inclusion

The Canto plugin for WordPress is vulnerable to Remote File Inclusion in all versions up to, and including, 3.0.8 via the abspath parameter. This makes it possible for unauthenticated attackers to include remote files on the server, resulting in code execution. This required allo...

Published: Jun 13, 2024
Patched Release: 3.0.9
Affected Versions: Versions up to 3.0.8
Next Step: Update to 3.0.9 or newer if supported.
Plugin | Critical | Patched: Yes | CVE-2024-25096
Canto <= 3.0.6 - Remote File Inclusion to Code Execution

The Canto plugin for WordPress is vulnerable to Remote Code Execution in all versions up to, and including, 3.0.6 via the 'abspath' parameter. This is due to the use of the include_once statement on the parameter allowing remote file inclusion. This makes it possible for unauthen...

Published: Feb 12, 2024
Patched Release: 3.0.7
Affected Versions: Versions up to 3.0.6
Next Step: Update to 3.0.7 or newer if supported.
Plugin | Critical | Patched: Yes | CVE-2023-3452
Canto <= 3.0.4 - Unauthenticated Remote File Inclusion

The Canto plugin for WordPress is vulnerable to Remote File Inclusion in versions up to, and including, 3.0.4 via the 'wp_abspath' parameter. This allows unauthenticated attackers to include and execute arbitrary remote code on the server, provided that allow_url_include is enabl...

Published: Aug 09, 2023
Patched Release: 3.0.5
Affected Versions: Versions up to 3.0.4
Next Step: Update to 3.0.5 or newer if supported.
Plugin | High | Patched: Yes | CVE-2020-28976
Canto <= 1.9.0 - Blind Server-Side Request Forgery via detail.php

The Canto plugin 1.9.0 for WordPress contains a blind SSRF vulnerability. It allows an unauthenticated attacker to make a request to any internal or external server via /includes/lib/detail.php?subdomain=SSRF.

Published: Dec 04, 2020
Patched Release: 2.0.1
Affected Versions: Versions up to 1.9.0
Next Step: Update to 2.0.1 or newer if supported.
Plugin | High | Patched: Yes | CVE-2020-24063
Canto <= 1.9.0 - Blind Server-Side Request Forgery via download.php

The Canto plugin 2.1.1 for WordPress allows SSRF via includes/lib/download.php?subdomain=.

Published: Nov 30, 2020
Patched Release: 2.0.1
Affected Versions: Versions up to 1.9.0
Next Step: Update to 2.0.1 or newer if supported.
Plugin | High | Patched: Yes | CVE-2020-28978
Canto <= 1.9.0 - Blind Server-Side Request Forgery via tree.php

The Canto plugin 1.9.0 for WordPress contains a blind SSRF vulnerability. It allows an unauthenticated attacker to make a request to any internal or external server via /includes/lib/tree.php?subdomain=SSRF.

Published: Mar 12, 2020
Patched Release: 2.0.1
Affected Versions: Versions before 2.0.1
Next Step: Update to 2.0.1 or newer if supported.
Plugin | High | Patched: Yes | CVE-2020-28977
Canto <= 1.9.0 - Blind Server-Side Request Forgery via get.php

The Canto plugin 1.3.0 for WordPress contains a blind SSRF vulnerability. It allows an unauthenticated attacker to make a request to any internal or external server via /includes/lib/get.php?subdomain=SSRF.

Published: Mar 12, 2020
Patched Release: 2.0.1
Affected Versions: Versions up to 1.9.0
Next Step: Update to 2.0.1 or newer if supported.