WordPress Plugin Vulnerabilities
Onair2 < 3.9.9.2 & KenthaRadio < 2.0.2 - Unauthenticated RFI and SSRF
Description
The theme and plugin expose proxy functionality to unauthenticated users. Sending a request to this proxy makes the web server fetch and display the content from any URI, which allows SSRF (Server-Side Request Forgery) and RFI (Remote File Inclusion) attacks against the website.
Proof of Concept
https://demo.pro.radio/wp1/home-18/?qtproxycall=https://raw.githubusercontent.com/wpscanteam/wpscan/master/README.md
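For sites that ran an affected version, the following added example (not part of the advisory or of the vendor's code) reviews web server access logs for requests carrying the `qtproxycall` parameter and labels what the server was asked to fetch. It assumes combined log format; the log lines are constructed samples, and the function names and class labels are hypothetical.

```python
import ipaddress
import re
from urllib.parse import parse_qs, urlsplit

# Constructed sample access-log lines (combined log format); not real traffic.
SAMPLE_LOG = """\
203.0.113.7 - - [28/Jun/2021:10:01:02 +0000] "GET /?qtproxycall=https%3A%2F%2Fexample.org%2Fa.txt HTTP/1.1" 200 512 "-" "curl/7.68.0"
203.0.113.7 - - [28/Jun/2021:10:01:09 +0000] "GET /home/?qtproxycall=http://10.0.0.5/status HTTP/1.1" 200 88 "-" "curl/7.68.0"
198.51.100.4 - - [28/Jun/2021:10:02:00 +0000] "GET /home/?s=radio HTTP/1.1" 200 9001 "-" "Mozilla/5.0"
198.51.100.9 - - [28/Jun/2021:10:03:30 +0000] "GET /wp1/?page=2&qtproxycall=ftp://files.example.net/x HTTP/1.1" 200 40 "-" "python-requests/2.25"
"""

REQUEST_RE = re.compile(r'^(\S+) \S+ \S+ \[([^\]]+)\] "(\S+) (\S+) [^"]*" (\d{3})')

def classify_target(target):
    """Label the URI handed to the proxy so responders can triage by risk."""
    try:
        parts = urlsplit(target)
        host = parts.hostname or ""
    except ValueError:
        return "unparseable"
    if parts.scheme.lower() not in ("http", "https"):
        return "non-http-scheme"
    try:
        ip = ipaddress.ip_address(host)
    except ValueError:
        return "internal-name" if host == "localhost" or "." not in host else "external-host"
    # is_global is False for loopback, private and link-local ranges.
    return "external-host" if ip.is_global else "internal-address"

def find_proxy_calls(log_text, param="qtproxycall"):
    """Return one finding per logged request that carries the proxy parameter."""
    findings = []
    for line in log_text.splitlines():
        m = REQUEST_RE.match(line)
        if not m:
            continue
        client, when, method, path, status = m.groups()
        # parse_qs percent-decodes values, so encoded targets are caught too.
        for target in parse_qs(urlsplit(path).query).get(param, []):
            findings.append({"client": client, "time": when, "status": int(status),
                             "target": target, "class": classify_target(target)})
    return findings

if __name__ == "__main__":
    for f in find_proxy_calls(SAMPLE_LOG):
        print(f["time"], f["client"], f["status"], f["class"], f["target"])
```

Only parameters sent in the query string appear in access logs, so an empty result does not rule out use of the proxy through a request body.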
Affects Plugins
Affects Themes
Fixed in 3.9.9.2
References
CVE
Classification
Type
RFI
OWASP top 10
CWE
CVSS
Miscellaneous
Original Researcher
Andreas Klöbl
Submitter
Andreas Klöbl
Submitter website
Submitter twitter
Verified
Yes
WPVDB ID
Timeline
Publicly Published
2021-06-28 (about 2 years ago)
Added
2021-06-28 (about 2 years ago)
Last Updated
2021-08-10 (about 2 years ago)