Your Friendly Drag and Drop Page Builder Server-Side Request Forgery Vulnerability

Vulnerability

A server-side request forgery (SSRF) vulnerability has been identified in the Your Friendly Drag and Drop Page Builder — Make Builder plugin for WordPress, affecting all versions through 1.1.10. The vulnerability arises in the make_builder_ajax_subscribe() function, allowing authenticated attackers with Subscriber-level access and above to send web requests to arbitrary locations from the web application. This could be exploited to query and modify information from internal services.

Impact

Exploitation of this vulnerability allows for server-side request forgery, enabling attackers to make requests to internal services and potentially manipulate or access sensitive information.

Reproduction

To reproduce this vulnerability, an authenticated user with Subscriber-level access or higher triggers the make_builder_ajax_subscribe() function from the WordPress admin interface via an AJAX request. The request must include a 'url' parameter, which specifies the target of the SSRF, and an 'email' parameter, which the function requires but which can be any valid email address.

Remediation

Users are advised to update the Make Builder plugin to version 1.1.11 or later.
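The handler described above performs a server-side request to whatever the caller puts in 'url'. The following is an added example of how such an AJAX subscribe handler can be hardened; it is not the plugin's code or its 1.1.11 fix, and the action name, nonce action, capability and allowed endpoint host are assumptions. It assumes the feature only ever needs to post to one known newsletter endpoint.

```php
<?php
// Added example (not the plugin's code): a hardened AJAX subscribe handler.
// Assumptions: action/nonce names, capability and allowed host are hypothetical;
// the advisory does not show the plugin's internals.

// Only the host the feature legitimately needs; everything else is refused.
const EXAMPLE_ALLOWED_SUBSCRIBE_HOSTS = array( 'newsletter.example.com' );

function example_safe_subscribe_target( $url ) {
    $url = esc_url_raw( $url, array( 'https' ) );          // https only, strips junk
    if ( '' === $url || ! wp_http_validate_url( $url ) ) { // resolves the host and
        return false;                                      // rejects loopback/private ranges
    }
    $host = strtolower( (string) wp_parse_url( $url, PHP_URL_HOST ) );
    return in_array( $host, EXAMPLE_ALLOWED_SUBSCRIBE_HOSTS, true ) ? $url : false;
}

function example_ajax_subscribe() {
    // 1. CSRF protection: die unless a valid nonce accompanies the request.
    check_ajax_referer( 'example_subscribe', 'nonce' );

    // 2. Authorisation: a Subscriber-level account should not be able to drive
    //    server-side HTTP requests; require a capability editors/admins hold.
    if ( ! current_user_can( 'edit_posts' ) ) {
        wp_send_json_error( 'insufficient privileges', 403 );
    }

    // 3. Input validation: email must be well formed, url must pass the
    //    allowlist and private-range checks above.
    $email = isset( $_POST['email'] ) ? sanitize_email( wp_unslash( $_POST['email'] ) ) : '';
    $url   = isset( $_POST['url'] ) ? example_safe_subscribe_target( wp_unslash( $_POST['url'] ) ) : false;
    if ( ! is_email( $email ) || false === $url ) {
        wp_send_json_error( 'invalid email or target', 400 );
    }

    // 4. Outbound request through the "safe" API (reject_unsafe_urls is applied
    //    again); redirects are disabled so an allowed host cannot bounce us elsewhere.
    $response = wp_safe_remote_post( $url, array(
        'timeout'     => 5,
        'redirection' => 0,
        'body'        => array( 'email' => $email ),
    ) );
    if ( is_wp_error( $response ) ) {
        wp_send_json_error( 'subscription request failed', 502 );
    }
    // Return only a status code, never the raw body, so the endpoint cannot
    // serve as a read primitive against whatever it reached.
    wp_send_json_success( array( 'status' => wp_remote_retrieve_response_code( $response ) ) );
}
add_action( 'wp_ajax_example_subscribe', 'example_ajax_subscribe' );
```

In practice, if the destination is fixed, the cleanest fix is to drop the 'url' parameter entirely and hard-code the endpoint server-side; the allowlist above is for the case where a small, known set of destinations must remain configurable.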

Added: Jun 9, 2025, 7:46 PM
Updated: Jun 9, 2025, 7:46 PM

Vulnerability Rating

Custom Algorithm

spread: 0.0
impact: 1.9
exploitability: 6.3
remediation: 7.7
relevance: 0.0
threat: 4.8
urgency: 2.9
incentive: 1.7

Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.