WordPress Church Admin Plugin Server-Side Request Forgery Vulnerability

Vulnerability

A server-side request forgery (SSRF) vulnerability has been identified in the Church Admin plugin for WordPress, affecting all versions through 5.0.28. The vulnerability arises from inadequate validation of user-supplied URLs in the 'audio_url' parameter. This flaw allows authenticated attackers with Administrator-level access to make web requests to arbitrary locations from the web application, potentially querying and modifying information from internal services.

Impact

Exploitation of this vulnerability could lead to unauthorized web requests being made from the server, allowing attackers to interact with internal services and potentially manipulate sensitive information.

Reproduction

To reproduce this vulnerability, an authenticated user with Administrator privileges uploads a sermon through the Church Admin plugin. During the upload, the 'audio_url' parameter can be set to a URL that points at an internal service or resource. Once the sermon is saved, the plugin makes a server-side request to that URL; because the request originates from the web server itself, it reaches hosts that external network restrictions would otherwise block.

Remediation

Users are advised to update the Church Admin plugin to version 5.0.29 or later, where this vulnerability has been patched.
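The root cause described above is that a user-supplied URL is fetched without checking where it points. The following PHP is an added example (not code from the Church Admin plugin or its patch) of the kind of allow-list validation a plugin should apply to a field such as 'audio_url' before fetching it server-side. The function name example_validate_audio_url() and the sample inputs are hypothetical; they are not taken from the advisory.

```php
<?php
// Added example, not the plugin's own code: validate a user-supplied URL
// before the server fetches it. Function name and inputs are hypothetical.

/**
 * Return true only for plain http(s) URLs on the standard web ports whose
 * host resolves to a public address. Rejects other schemes (file://, gopher://,
 * ftp://), embedded credentials, localhost, loopback, link-local and
 * RFC 1918 addresses, and names that do not resolve.
 */
function example_validate_audio_url(string $url): bool {
    $parts = parse_url($url);
    if ($parts === false || empty($parts['scheme']) || empty($parts['host'])) {
        return false;
    }
    $scheme = strtolower($parts['scheme']);
    // Only HTTP(S): no file://, gopher://, ftp:// or other schemes.
    if (!in_array($scheme, ['http', 'https'], true)) {
        return false;
    }
    // user:pass@host is a classic way to confuse host parsing; refuse it.
    if (isset($parts['user']) || isset($parts['pass'])) {
        return false;
    }
    // Standard web ports only, so the fetch cannot be aimed at internal
    // admin interfaces listening on other ports.
    $port = $parts['port'] ?? ($scheme === 'https' ? 443 : 80);
    if (!in_array($port, [80, 443], true)) {
        return false;
    }
    $host = strtolower(trim($parts['host'], '[]'));
    if ($host === 'localhost') {
        return false;
    }
    // Resolve the name and check every returned address, so a hostname that
    // maps to an internal address is rejected too. gethostbynamel() returns
    // IPv4 records only; an IPv6 literal is checked directly.
    $ips = filter_var($host, FILTER_VALIDATE_IP) ? [$host] : @gethostbynamel($host);
    if (empty($ips)) {
        return false;
    }
    foreach ($ips as $ip) {
        // NO_PRIV_RANGE: 10/8, 172.16/12, 192.168/16, fc00::/7
        // NO_RES_RANGE:  0/8, 127/8, 169.254/16, 240/4, ::1, ::, etc.
        if (filter_var($ip, FILTER_VALIDATE_IP,
                FILTER_FLAG_NO_PRIV_RANGE | FILTER_FLAG_NO_RES_RANGE) === false) {
            return false;
        }
    }
    return true;
}

// Constructed sample inputs for a local run (not from the advisory).
// The public example needs DNS to resolve; the others are rejected offline.
$samples = [
    'https://example.com/sermon.mp3',
    'http://127.0.0.1/',
    'http://192.168.1.10/',
    'http://admin:secret@example.com/',
    'file:///etc/passwd',
];
foreach ($samples as $candidate) {
    printf("%-36s %s\n", $candidate,
        example_validate_audio_url($candidate) ? 'allowed' : 'rejected');
}
```

Two caveats a reviewer would raise: the check resolves the name once and the HTTP client resolves it again (a time-of-check/time-of-use gap), and a validated URL can still redirect to an internal address, so the fetch should either disable redirects or re-validate each redirect target. In WordPress specifically, core already provides wp_http_validate_url() and wp_safe_remote_get(), which apply comparable public-address checks; a plugin that fetches user-supplied URLs should use the safe variant (or pass 'reject_unsafe_urls' => true) rather than a plain wp_remote_get().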

Added: Jan 17, 2026, 4:27 AM
Updated: Jan 17, 2026, 4:27 AM

Vulnerability Rating

Custom Algorithm
  spread          1.0
  impact          0.6
  exploitability  5.6
  remediation     7.7
  relevance       2.1
  threat          4.8
  urgency         2.9
  incentive       0.0

Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.