PostX WordPress Plugin Server-Side Request Forgery Vulnerability

Vulnerability

A server-side request forgery (SSRF) vulnerability has been identified in the Post Grid Gutenberg Blocks for News, Magazines, Blog Websites – PostX plugin for WordPress. This vulnerability exists in all versions through 5.0.8 and allows authenticated attackers with Administrator-level access to make web requests to arbitrary locations from the web application. The affected REST API endpoints are '/ultp/v3/starter_dummy_post/' and '/ultp/v3/starter_import_content/'. Exploitation of this vulnerability could be used to query and modify information from internal services.

Impact

Exploitation of this vulnerability could lead to unauthorized web requests being made from the server, potentially allowing attackers to access or manipulate internal resources or services.

Reproduction

To reproduce this vulnerability, an authenticated user with Administrator-level access can send a POST request to the '/ultp/v3/starter_dummy_post/' or '/ultp/v3/starter_import_content/' REST API endpoints. The request can include a parameter specifying an API endpoint to which the server will send a request. If the specified endpoint is not on the allowed list, the request will be denied.

Remediation

Users are advised to update the PostX WordPress plugin to version 5.0.9 or later, where this vulnerability has been patched.
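The allowlist behaviour described under Reproduction and Remediation, as an added illustration that is not the plugin's code: the caller-supplied destination is parsed and refused unless it is an https URL whose host exactly matches an allowlist. The allowlist host and the parameter name `api_endpoint` are constructed placeholders, since the page does not give the plugin's own values.

```python
# Illustrative Python, not PostX's PHP: validate a server-side fetch destination
from ipaddress import ip_address
from urllib.parse import urlsplit

# Constructed allowlist; the plugin's real list is not given on the page.
ALLOWED_HOSTS = frozenset({"api.example-starter-templates.test"})


def validate_fetch_url(url: str, allowed_hosts=ALLOWED_HOSTS) -> tuple[bool, str]:
    """Return (ok, reason). Only https URLs whose host is exactly on the
    allowlist are accepted; everything else is denied before any request."""
    try:
        parts = urlsplit(url.strip())
    except ValueError as exc:
        return False, f"unparseable URL: {exc}"
    if parts.scheme.lower() != "https":
        return False, "scheme must be https"
    if parts.username is not None or parts.password is not None:
        # user@host forms can make a hostile host look like an allowed one
        return False, "credentials in URL are not allowed"
    host = parts.hostname  # lower-cased; IPv6 brackets already stripped
    if not host:
        return False, "missing host"
    try:
        ip_address(host)
        return False, "IP literals are not allowed"  # force a name-based match
    except ValueError:
        pass
    if host not in allowed_hosts:
        return False, f"host {host!r} not on allowlist"
    try:
        port = parts.port  # raises ValueError on a non-numeric port
    except ValueError:
        return False, "invalid port"
    if port not in (None, 443):
        return False, "non-standard port"
    return True, "ok"


def handle_import_request(params: dict) -> dict:
    """Simulated handler for the import endpoints: refuses to fetch unless the
    caller-supplied destination passes the allowlist check. The parameter
    name 'api_endpoint' is a hypothetical placeholder."""
    ok, reason = validate_fetch_url(params.get("api_endpoint", ""))
    if not ok:
        return {"status": 403, "error": reason}
    return {"status": 200, "fetch": params["api_endpoint"]}
```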

Added: Mar 4, 2026, 2:25 AM
Updated: Mar 4, 2026, 2:25 AM

Vulnerability Rating

Custom Algorithm
spread: 1.0
impact: 0.6
exploitability: 5.4
remediation: 7.7
relevance: 3.5
threat: 4.8
urgency: 2.9
incentive: 0.0

Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.