Ninja Tables WordPress Plugin Server-Side Request Forgery Vulnerability

A server-side request forgery (SSRF) vulnerability has been identified in the Ninja Tables – Easy Data Table Builder plugin for WordPress, affecting all versions through 5.0.18. The vulnerability arises from the args[url] parameter, allowing unauthenticated attackers to send web requests to arbitrary locations from the web application. This could be exploited to query and modify information from internal services.

Impact

Exploitation of this vulnerability allows for server-side request forgery, enabling attackers to make requests from the server to internal services or external resources, potentially leading to unauthorized information disclosure or modification.

Reproduction

The vulnerability can be reproduced by sending a request to the WordPress site with the args[url] parameter set to a target URL. This can be done using a tool like Postman or through a custom script that interacts with the WordPress REST API or admin-ajax.php. The request can be made without authentication, exploiting the lack of validation on the URL parameter.

Remediation

Users are advised to update the Ninja Tables WordPress plugin to version 5.0.19 or later.