CoBlocks < 3.1.12 – Contributor+ SSRF | CVE 2024-4260 | Plugin Vulnerabilities

Description

The plugin does not prevent users from pinging arbitrary hosts via some of its shortcodes, which could allow high privilege users such as contributors to perform SSRF attacks.

Proof of Concept

You should create a new block and add here "Events" block. Put inside http://127.0.0.1:XXXX/. If an error appears after clicking the "Use URL" button, it means that the port is closed, and if there is an empty screen, then the port is open

Affects Plugins

Fixed in 3.1.12

References

CVE

URL

https://research.cleantalk.org/cve-2024-4260/

Classification

Type

SSRF

OWASP top 10

CWE

CVSS

Miscellaneous

Original Researcher

Dmitrii Ignatyev

Submitter

Dmitrii Ignatyev

Submitter website

https://research.cleantalk.org

Verified

Yes

WPVDB ID

69f33e20-8ff4-491c-8f37-a4eadd4ea8cf

Timeline

Publicly Published

2024-07-02 (about 1 year ago)

Added

2024-07-02 (about 1 year ago)

Last Updated

2024-07-02 (about 1 year ago)

Other

Published

Title

Published

2025-04-01

Title

WP Optin Wheel < 1.4.8 - Admin+ SSRF

Published

2024-04-09

Title

Kadence Blocks < 3.2.12 - Contributor+ Server-Side Request Forgery

Published

2023-05-15

Title

Essential Addons for Elementor Pro < 5.4.9 - Unauthenticated SSRF

Published

2024-05-10

Title

ShortPixel Adaptive Images < 3.8.4 - Authenticated (Admin+) Server-Side Request Forgery

Published

2024-03-13

Title

Automatic < 3.92.1 - Unauthenticated Arbitrary File Download and Server-Side Request Forgery