CVE-2021-24371 Information
Description
The Import feature of the RSVPMaker WordPress plugin before 8.7.3 (/wp-admin/tools.php?page=rsvpmaker_export_screen) takes an URL input and calls curl on it without first validating it to ensure it’s a remote one. As a result a high privilege user could use that feature to scan the internal network via a SSRF attack.
CVSS Vector
CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:L/I:N/A:N
Reference
https://wpscan.com/vulnerability/63be225c-ebee-4cac-b43e-cf033ee7425d https://codevigilant.com/disclosure/2021/wp-plugin-rsvpmaker/ The Import feature of the RSVPMaker WordPress plugin before 8.7.3 (/wp-admin/tools.php?page=rsvpmaker_export_screen) takes an URL input and calls curl on it without first validating it to ensure it’s a remote one. As a result a high privilege user could use that feature to scan the internal network via a SSRF attack.
Attack Complexity
LOW
Privileges Required
HIGH
User Interaction Required
HIGH
Scope
NONE
Confidentiality Impact
UNCHANGED
Integrity Impact
LOW
Availability Impact
NONE
Base Score
NONE
Base Severity
2.7
Share on: