Getwid < 1.8.4 – Subscriber+ SSRF | CVE 2023-1895

Description

The plugin does not validate a parameter via the get_remote_content REST API endpoint before making a request to it, which could allow any authenticated users, such as subscriber to perform SSRF attack.

Note: We do not consider flushing of cache to be a security issue, therefore CVE-2023-1910 has not been added.

Proof of Concept

https://example.com/?rest_route=/getwid/v1/get_remote_content&get_content_url=http://127.0.0.1/

Affects Plugins

getwid

Fixed in 1.8.4

References

CVE

CVE-2023-1895

URL

https://www.wordfence.com/blog/2023/06/credential-stealing-server-side-request-forgery-patched-in-getwid/

Classification

Type

SSRF

OWASP top 10

A1: Injection

CWE

CWE-918

CVSS

5.0 (medium)

Miscellaneous

Original Researcher

Ramuel Gall

Verified

Yes

WPVDB ID

4977abce-12c7-4ef4-9bdd-b76e42e78f23

Timeline

Publicly Published

2023-06-06 (about 2 years ago)

Added

2023-06-07 (about 2 years ago)

Last Updated

2023-06-07 (about 2 years ago)

Other

Published

Title

Published

2025-06-05

Title

Car Repair Services <= 5.0 - Unauthenticated Server-Side Request Forgery

Published

2024-06-20

Title

WP Scraper < 5.8.1 - Authenticated (Subscriber+) Server-Side Request Forgery

Published

2026-01-01

Title

WP Import – Ultimate CSV XML Importer for WordPress < 7.36 - Authenticated (Contributor+) Server-Side Request Forgery via Bitly Shortlink Bypass

Published

2026-02-17

Title

Gutenberg Blocks with AI by Kadence WP < 3.6.2 - Contributor+ SSRF

Published

2025-07-03

Title

Allmart <= 1.0.0 - Authenticated (Subscriber+) Server-Side Request Forgery