WordPress Eventin Plugin Server-Side Request Forgery Vulnerability

A server-side request forgery (SSRF) vulnerability has been identified in the WordPress Eventin plugin, specifically in the Events Calendar, Event Booking, Registrations, and Event Tickets components. This vulnerability affects all versions through 4.0.37 and allows unauthenticated attackers to make web requests to arbitrary locations from the web application. Exploitation of this vulnerability could be used to query and modify information from internal services.

Impact

Exploitation of this vulnerability could lead to unauthorized web requests being made from the server, potentially allowing attackers to access or manipulate internal resources or services.

Reproduction

The vulnerability can be reproduced by sending a request to the 'proxy_image' action with a 'url' parameter that points to an internal service or resource. The 'proxy_image' function will validate the URL and, if it passes the checks, fetch the content from the specified URL. This behavior can be exploited to access internal services that are not exposed to the public.

Remediation

Users are advised to update the WordPress Eventin plugin to version 4.0.38 or later.