WP Compress WordPress Plugin Server-Side Request Forgery Vulnerability

Vulnerability

A server-side request forgery (SSRF) vulnerability has been identified in the WP Compress – Instant Performance & Speed Optimization plugin for WordPress, affecting all versions through 6.30.15. The flaw lies in the plugin's init() function, which lets unauthenticated attackers make the server issue web requests to arbitrary locations, potentially exposing information from internal services.

Impact

Exploitation of this vulnerability results in server-side request forgery: an attacker can cause the server to make requests to internal or external resources, possibly leading to unauthorized information disclosure or interaction with internal services.

Reproduction

The vulnerability can be reproduced by sending a request to the WordPress site that targets the 'wp-compress-image-optimizer/wp-compress.php' file with the 'apikey' parameter. This can be done with a tool such as cURL or Postman, or with a custom script that sends the appropriate HTTP headers and parameters. The request is processed by the vulnerable 'init()' function, which then makes an arbitrary web request from the server.

Remediation

Users are advised to update the WP Compress – Instant Performance & Speed Optimization plugin to version 6.30.16 or later.
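To support triage of the reproduction and remediation steps above, the following added example (not code from the advisory or from the plugin) checks an installed plugin version against the fixed release 6.30.16 and flags direct requests to the plugin file that carry an 'apikey' parameter in web server access logs. It assumes combined-format (Apache/nginx default) log lines and the default WordPress plugin directory prefix /wp-content/plugins/; the log lines are constructed samples.

```python
import re
from urllib.parse import parse_qs, urlsplit

# First patched release named in the advisory.
FIXED_VERSION = (6, 30, 16)
# Plugin file named in the advisory; lives under /wp-content/plugins/ by default (assumed).
VULN_PATH = "wp-compress-image-optimizer/wp-compress.php"


def parse_version(version: str) -> tuple:
    """Turn '6.30.15' (or '6.30.15-beta') into a comparable tuple of ints."""
    return tuple(int(part) for part in re.findall(r"\d+", version))


def is_vulnerable_version(version: str) -> bool:
    """True for every release below 6.30.16, per the advisory's affected range."""
    return parse_version(version) < FIXED_VERSION


# Combined log format: client, ident, user, [timestamp], "METHOD target PROTO", status, ...
LOG_RE = re.compile(r'^(\S+) \S+ \S+ \[[^\]]+\] "(\S+) (\S+) \S+" (\d{3}) ')


def suspicious_requests(lines):
    """Return (client_ip, status, apikey) for direct hits on the plugin file with an apikey parameter."""
    hits = []
    for line in lines:
        match = LOG_RE.match(line)
        if not match:
            continue  # skip lines that are not combined-format access entries
        ip, _method, target, status = match.groups()
        parts = urlsplit(target)
        if not parts.path.endswith(VULN_PATH):
            continue
        query = parse_qs(parts.query)
        if "apikey" in query:
            hits.append((ip, int(status), query["apikey"][0]))
    return hits


# Constructed sample log lines (not real traffic); only the first matches the advisory's request shape.
SAMPLE_LOG = [
    '203.0.113.5 - - [09/Jun/2025:19:46:01 +0000] "GET /wp-content/plugins/wp-compress-image-optimizer/wp-compress.php?apikey=EXAMPLE HTTP/1.1" 200 512 "-" "curl/8.5.0"',
    '198.51.100.7 - - [09/Jun/2025:19:47:13 +0000] "GET /wp-content/plugins/wp-compress-image-optimizer/wp-compress.php HTTP/1.1" 200 120 "-" "Mozilla/5.0"',
    '192.0.2.9 - - [09/Jun/2025:19:48:00 +0000] "GET /wp-admin/admin-ajax.php?action=heartbeat HTTP/1.1" 200 40 "-" "Mozilla/5.0"',
]

if __name__ == "__main__":
    print("6.30.15 vulnerable:", is_vulnerable_version("6.30.15"))
    for ip, status, key in suspicious_requests(SAMPLE_LOG):
        print(f"hit from {ip} (HTTP {status}) apikey={key}")
```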

Added: Jun 9, 2025, 7:46 PM
Updated: Jun 9, 2025, 7:46 PM

Vulnerability Rating

Custom Algorithm

  spread          5.2
  impact          2.5
  exploitability  9.3
  remediation     7.7
  relevance       0.0
  threat          4.8
  urgency         2.9
  incentive      10.0

Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.