GetContentFromURL WordPress Plugin Server-Side Request Forgery Vulnerability

A Server-Side Request Forgery (SSRF) vulnerability has been identified in the GetContentFromURL plugin for WordPress, affecting all versions through 1.0. The vulnerability arises because the plugin uses wp_remote_get() to retrieve content from user-supplied URLs via the 'url' parameter of the [gcfu] shortcode, instead of using the safer wp_safe_remote_get(). This flaw allows authenticated attackers with Contributor-level access and above to make requests to arbitrary locations from the web application, potentially querying and modifying information from internal services.

Impact

Exploitation of this vulnerability allows for Server-Side Request Forgery, where an authenticated attacker can make requests to internal services or external systems on behalf of the server, potentially leading to unauthorized data access or modification.

Reproduction

To reproduce this vulnerability, an authenticated user with Contributor-level access or higher can use the [gcfu] shortcode and include a URL that points to an internal service or an external system that the server can access. The plugin will then fetch content from that URL using wp_remote_get(), creating a Server-Side Request Forgery scenario.