WordPress Export and Import Users and Customers Plugin Server-Side Request Forgery Vulnerability

A Server-Side Request Forgery (SSRF) vulnerability has been identified in the WordPress Export and Import Users and Customers plugin, affecting all versions through 2.6.2. The vulnerability arises in the validate_file() function, allowing authenticated attackers with Administrator-level access to make web requests to arbitrary locations. This could be exploited to query and modify information from internal services.

Impact

Exploitation of this vulnerability allows for Server-Side Request Forgery, enabling attackers to make requests from the vulnerable server to internal services or external systems, potentially leading to unauthorized data access or manipulation.

Reproduction

To reproduce this vulnerability, an authenticated user with Administrator-level access can upload a file through the import feature of the plugin. The validate_file() function will process the uploaded file. By crafting specific form data, it's possible to exploit the SSRF vulnerability, causing the server to make requests to internal services or external locations.

Remediation

Users are advised to update the WordPress Export and Import Users and Customers plugin to version 2.6.3 or later, where this vulnerability has been patched.