Gutenberg Essential Blocks Server-Side Request Forgery Vulnerability

A Server-Side Request Forgery (SSRF) vulnerability has been identified in the Gutenberg Essential Blocks – Page Builder for Gutenberg Blocks & Patterns plugin for WordPress, affecting all versions through 5.7.1. The vulnerability arises in the 'eb_save_ai_generated_image' function, allowing authenticated attackers with Author-level access and above to make web requests to arbitrary locations from the web application. This could be exploited to query and modify information from internal services.

Impact

Exploitation of this vulnerability allows for Server-Side Request Forgery, where an attacker can make requests from the server to internal services, potentially leading to unauthorized data access or modification.

Reproduction

To reproduce this vulnerability, an authenticated user with Author-level access or higher can send a request to the 'wp_ajax_save_ai_generated_image' action. This request must include a valid 'admin_nonce' for authentication, as well as either an 'image_url' or 'image_b64' parameter, along with a 'prompt' for the image generation. The absence of these parameters or a valid nonce will result in an error response.

Remediation

Users are advised to update the Gutenberg Essential Blocks plugin to version 5.7.2 or later.