WordPress Plugin Vulnerabilities

JSM file_get_contents() Shortcode < 2.7.1 - Contributor+ SSRF

Description

The plugin does not validate one of its shortcode's parameters before making a request to it, which could allow users with contributor role and above to perform SSRF attacks.

Proof of Concept

[wpfgc url="http://127.0.0.1:8084"]

Affects Plugins

Plugin icon
wp-file-get-contents
Fixed in 2.7.1

References

CVE
CVE-2023-6991

Classification

Type
SSRF
OWASP top 10
A1: Injection
CWE
CWE-918

Miscellaneous

Original Researcher
Dmitrii Ignatyev
Submitter
Dmitrii Ignatyev
Submitter website
https://research.cleantalk.org
Verified
Yes
WPVDB ID
0b92becb-8a47-48fd-82e8-f7641cf5c9bc

Timeline

Publicly Published
2023-12-21 (about 4 months ago)
Added
2023-12-21 (about 4 months ago)
Last Updated
2023-12-21 (about 4 months ago)

Other

Published
Title
Published
2024-03-26
Title
AI Engine < 2.1.5 - Authenticated (Editor+) Server-Side Request Forgery
Published
2022-04-19
Title
Fusion Builder < 3.6.2 - Unauthenticated SSRF
Published
2024-03-27
Title
CMP – Coming Soon & Maintenance < 4.1.11 - Authenticated (Admin+) Server-Side Request Forgery
Published
2024-04-22
Title
The Pack Elementor addons (Header Footer & WooCommerce Builder, Template Library) < 2.0.8.3 - Authenticated (Subscriber+) Server-Side Request Forgery
Published
2021-09-21
Title
Telefication <= 1.8.0 - Open Relay & Server-Side Request Forgery