Orbit Fox WordPress Plugin Server-Side Request Forgery Vulnerability

Vulnerability

A server-side request forgery (SSRF) vulnerability has been identified in the Orbit Fox WordPress plugin in versions prior to 3.0.2. The plugin's stock photo import feature accepts a user-supplied URL and fetches it from the server without restricting the scheme or destination of that URL. Because no validation is performed, a user of the feature can make the WordPress server issue a request to any URL of their choosing.

Impact

An attacker who can reach the stock photo import feature can make the WordPress server issue requests to destinations it would not otherwise contact, including hosts on the internal network that are not reachable from the Internet. Depending on what those hosts return, this can expose internal resources or information.

Reproduction

To reproduce this vulnerability, log in as a user who can create posts, create a post, and click the camera icon to open the stock photo import feature. Using an intercepting proxy, capture the resulting request to 'wp-admin/admin-ajax.php' and replace the value of the URL parameter with a URL of your choice, for example a Webhook.site endpoint you control or an internal address. When the modified request is submitted, the server fetches the substituted URL; a request arriving at the Webhook.site endpoint from the WordPress server's address confirms the SSRF.
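The following is an added example, not code from the Orbit Fox plugin (which is written in PHP), showing the check a server-side fetch of a user-supplied URL should apply so that the substitutions in the reproduction steps above are refused. The allowlisted host names, the DNS table, and the sample URLs are all constructed for the example; the check is written in Python so it can be run offline. It rejects non-HTTP schemes, embedded credentials, hosts outside an allowlist, and, separately, any allowlisted host whose resolved addresses are not globally routable, which is what catches a name that points at an internal IP.

```python
import ipaddress
import socket
from urllib.parse import urlsplit

# Hypothetical allowlist of stock-photo hosts the import feature is meant to
# fetch from. These names are constructed for the example, not the plugin's
# real configuration.
ALLOWED_HOSTS = {"images.example-stock.test", "cdn.example-stock.test"}

# Constructed DNS table so the example runs offline. The public-looking
# cdn.example-stock.test deliberately resolves to an internal address to show
# why the allowlist alone is not enough.
FAKE_DNS = {
    "images.example-stock.test": ["1.2.3.4"],
    "cdn.example-stock.test": ["10.0.0.5"],
    "webhook.example.test": ["5.6.7.8"],
}


def fake_resolver(host):
    """Offline stand-in for resolve_host using the constructed table above."""
    try:
        return FAKE_DNS[host]
    except KeyError:
        raise socket.gaierror("constructed resolver: unknown host %s" % host)


def resolve_host(host):
    """Resolve a hostname to every address it maps to (IPv4 and IPv6)."""
    return sorted({info[4][0] for info in socket.getaddrinfo(host, None)})


def is_internal_ip(ip_text):
    """True for loopback, private, link-local and other non-global addresses."""
    ip = ipaddress.ip_address(ip_text)
    return not ip.is_global


def validate_fetch_url(url, allowed_hosts=ALLOWED_HOSTS, resolver=resolve_host):
    """Decide whether a user-supplied URL may be fetched server-side.

    Returns (ok, reason). Checks run in order: scheme, presence of a host,
    embedded credentials, host allowlist, and finally the addresses the host
    resolves to, so an allowlisted name pointing at an internal IP is still
    rejected.
    """
    parts = urlsplit(url)
    if parts.scheme not in ("http", "https"):
        return False, "scheme not allowed: %r" % parts.scheme
    host = parts.hostname
    if not host:
        return False, "missing host"
    if parts.username is not None or parts.password is not None:
        return False, "credentials embedded in URL"
    if host not in allowed_hosts:
        return False, "host not in allowlist: %s" % host
    try:
        addresses = resolver(host)
    except OSError as exc:  # socket.gaierror is a subclass of OSError
        return False, "resolution failed: %s" % exc
    for address in addresses:
        if is_internal_ip(address):
            return False, "%s resolves to internal address %s" % (host, address)
    return True, "ok"


# Constructed URLs mirroring the reproduction steps: an allowed stock-photo
# URL, an attacker-controlled callback, loopback, a cloud metadata address,
# a non-HTTP scheme, and an allowlisted name that resolves internally.
SAMPLE_URLS = [
    "https://images.example-stock.test/photo.jpg",
    "https://webhook.example.test/abc123",
    "http://127.0.0.1/wp-admin/",
    "http://169.254.169.254/latest/meta-data/",
    "file:///etc/passwd",
    "https://cdn.example-stock.test/photo.jpg",
]


def check_samples(resolver=fake_resolver):
    """Run the validator over SAMPLE_URLS; returns {url: (ok, reason)}."""
    return {url: validate_fetch_url(url, resolver=resolver) for url in SAMPLE_URLS}


if __name__ == "__main__":
    for url, (ok, reason) in check_samples().items():
        print("%-5s %-48s %s" % ("ALLOW" if ok else "DENY", url, reason))
```

Two caveats apply when this is wired into a real fetch. The address checked here is the one resolved at validation time; if the HTTP client resolves the name again when it connects, a DNS record that changes between the two lookups (DNS rebinding) can still reach an internal host, so the client should connect to the validated address directly or validation and fetch should share one resolution. Redirects must also be followed through the same check, or disabled, since an allowlisted host can redirect to an internal one. In WordPress specifically, core already provides wp_safe_remote_get(), which validates the destination with wp_http_validate_url() and refuses local and private addresses; a plugin that fetches user-supplied URLs should use it rather than a plain HTTP call.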

Remediation

Users are advised to update the Orbit Fox WordPress plugin to version 3.0.2 or later, which addresses this issue.

Added: Oct 24, 2025, 6:20 AM
Updated: Oct 24, 2025, 6:20 AM

Vulnerability Rating

Custom Algorithm
spread: 5.2
impact: 0.6
exploitability: 6.8
remediation: 7.7
relevance: 0.8
threat: 6.4
urgency: 2.9
incentive: 1.7

Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.