WPScan
How it worksPricing
Vulnerabilities
WordPressPluginsThemesStatsSubmit vulnerabilities
For developers
StatusAPI detailsCLI scanner
Contact

WordPress Plugin Vulnerabilities

WP Ultimate CSV Importer < 6.5.3 - Admin+ Blind SSRF

Description

The plugin does not fully validate the file to be imported via an URL before making an HTTP request to it, which could allow high privilege users such as admin to perform Blind SSRF attacks

Proof of Concept

Put an internal/LAN URL such as below in the file upload by URL function

https://127.0.0.1:8080
http://192.168.0.224:8181/?u=https://docs.google.com/

Affects Plugins

wp-ultimate-csv-importer
Fixed in version 6.5.3

References

CVE
CVE-2022-1977

Classification

Type

SSRF

OWASP top 10
A1: Injection
CWE
CWE-918

Miscellaneous

Original Researcher

Luan Pedersini

Submitter

IBLISS Digital Security

Submitter website
https://ibliss.com.br
Verified

Yes

WPVDB ID
1b640519-75e1-48cb-944e-b9bff9de6d3d

Timeline

Publicly Published

2022-06-02 (about 3 months ago)

Added

2022-06-02 (about 3 months ago)

Last Updated

2022-06-02 (about 3 months ago)

Our Other Services

WPScan WordPress Security Plugin