wpexploit, Dmitrii Ignatyev, WPEX-ID:0F7757C9-69FA-49DB-90B0-40F0FF29BEE7
History: Mar 07, 2024 - 12:00 a.m.

Pz-LinkCard < 2.5.3 - Contributor+ SSRF

2024-03-07 00:00:00
Dmitrii Ignatyev
24
pz-linkcard
version 2.5.3
contributor+
ssrf
exploit
post draft
internal server

AI Score: 9.4 High (Confidence: High)

EPSS: 0.0004 Low (Percentile: 8.9%)

Description

The plugin does not prevent users from pinging arbitrary hosts via some of its shortcodes, which could allow high privilege users such as contributors to perform SSRF attacks.

Set up a listener on a localhost/LAN host (such as nc -l 127.0.0.1 9000), then, as a contributor, put the following shortcode in a post and save its draft:

[blogcard url="http://127.0.0.1:9000"]

Notice that the internal server (localhost:9000) received the request when the draft was saved.
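A defender-side audit for the issue described above, as an added example that is not part of the original advisory or the plugin's code: it scans post bodies for blogcard shortcodes whose url attribute names a loopback, private or otherwise non-public host. The sample posts, the function names and the internal hostname suffixes are assumptions made for illustration.

```python
import ipaddress
import re
from urllib.parse import urlsplit

# Shortcode name from the advisory's proof of concept; add others the site registers.
SHORTCODES = ("blogcard",)
# Assumed internal-looking hostname suffixes (illustrative, adjust per environment).
INTERNAL_SUFFIXES = (".localhost", ".local", ".internal")
_URL_ATTR = re.compile(
    r"""\[(?:%s)\b[^\]]*?\burl\s*=\s*(?:"([^"]*)"|'([^']*)'|([^\s\]]+))"""
    % "|".join(map(re.escape, SHORTCODES)),
    re.IGNORECASE,
)

# Constructed sample post bodies keyed by post ID (not from a real site).
SAMPLE_POSTS = {
    101: 'Intro [blogcard url="http://127.0.0.1:9000"] outro',
    102: '[blogcard url="https://example.com/article"]',
    103: "[blogcard url='http://10.0.0.5/status'] and [blogcard url=http://localhost/]",
}


def is_internal_target(url):
    """True when the URL host is a non-public IP literal or an internal-looking name."""
    host = urlsplit(url.strip()).hostname
    if not host:
        return True  # no parseable host: flag for manual review
    try:
        ip = ipaddress.ip_address(host)
    except ValueError:
        name = host.rstrip(".").lower()
        return name == "localhost" or name.endswith(INTERNAL_SUFFIXES)
    return not ip.is_global  # loopback, private, link-local, reserved, ...


def audit_post(content):
    """Return the shortcode URLs in one post body that point at internal hosts."""
    urls = ("".join(groups) for groups in _URL_ATTR.findall(content))
    return [u for u in urls if is_internal_target(u)]


def audit_posts(posts):
    """Map post ID -> flagged URLs, omitting posts with nothing to report."""
    return {pid: hits for pid, body in posts.items() if (hits := audit_post(body))}


if __name__ == "__main__":
    for pid, hits in audit_posts(SAMPLE_POSTS).items():
        print(pid, hits)
```

Only IP literals and the listed name patterns are classified; hostnames are not resolved, so this audit complements updating the plugin to 2.5.3 rather than replacing it.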
