Real Cookie Banner WordPress Plugin Server-Side Request Forgery Vulnerability

A Server-Side Request Forgery (SSRF) vulnerability has been identified in the Real Cookie Banner: GDPR & ePrivacy Cookie Consent plugin for WordPress, affecting all versions through 5.2.4. The vulnerability arises from inadequate validation of user-supplied URLs in the '/scanner/scan-without-login' REST API endpoint. This flaw allows authenticated attackers with administrator-level access to send web requests to arbitrary locations from the web application, potentially querying and modifying information from internal services using the 'url' parameter.

Impact

Exploitation of this vulnerability allows authenticated administrators to perform SSRF attacks, which can include accessing internal services, server metadata, or files via 'file://' URIs.

Reproduction

To reproduce this vulnerability, an authenticated user with administrator privileges can send a request to the '/scanner/scan-without-login' endpoint with a crafted URL that points to an internal resource or service. The request will be processed by the server, which will then access the specified URL, bypassing normal external access restrictions.

Remediation

Users are advised to update the Real Cookie Banner plugin to version 5.2.5 or later.