MimeTypes Link Icons WordPress Plugin Server-Side Request Forgery Vulnerability

Vulnerability

A server-side request forgery (SSRF) vulnerability has been identified in the MimeTypes Link Icons plugin for WordPress, affecting all versions through 3.2.20. The vulnerability arises because the plugin allows outbound HTTP requests to user-controlled URLs without adequate validation, particularly when the 'Show file size' option is activated. This flaw enables authenticated attackers with Contributor-level access or higher to send web requests to arbitrary locations from the web application. Exploitation could involve querying and modifying information from internal services using crafted links embedded in post content.

Impact

Exploitation of this vulnerability could lead to unauthorized web requests being made to internal services, potentially allowing attackers to access or modify sensitive information.

Reproduction

To reproduce this vulnerability, activate the MimeTypes Link Icons plugin and enable the 'Show file size' option. Then, create a post containing a link that points to an internal service or resource. When the post is published, the plugin will make an unvalidated HTTP request to the URL specified in the link, effectively exploiting the SSRF vulnerability.
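The root cause described above is an outbound request to a link href that the plugin never validates. The following added example, which is not the plugin's own code, contrasts that weak pattern with a hardened file-size lookup built on the WordPress HTTP API. The function names (mtli_file_size_unsafe, mtli_url_is_allowed, mtli_file_size_safe) are hypothetical; wp_remote_head, wp_safe_remote_head, wp_http_validate_url, wp_parse_url and wp_remote_retrieve_header are real WordPress functions.

```php
<?php
// Added example, not the plugin's code. Function names are hypothetical.

/**
 * Weak pattern: the href from post content goes straight to the HTTP API.
 * wp_remote_head() accepts any host, including loopback and RFC 1918
 * addresses, so a Contributor-authored link can reach internal services.
 */
function mtli_file_size_unsafe( $url ) {
    $response = wp_remote_head( $url );
    if ( is_wp_error( $response ) ) {
        return false;
    }
    return (int) wp_remote_retrieve_header( $response, 'content-length' );
}

/**
 * Allow-check performed before any outbound request is made.
 * wp_http_validate_url() rejects non-http(s) schemes, embedded credentials,
 * non-standard ports and hosts that resolve to loopback, link-local or
 * private ranges (unless the 'http_request_host_is_external' filter
 * explicitly permits them).
 */
function mtli_url_is_allowed( $url ) {
    if ( false === wp_http_validate_url( $url ) ) {
        return false;
    }
    $host = wp_parse_url( $url, PHP_URL_HOST );
    if ( empty( $host ) ) {
        return false;
    }
    // Resolve every A record ourselves as well and refuse the request if any
    // address is private or reserved, so a name with mixed public/private
    // records is not accepted on the strength of one public answer.
    $ips = filter_var( $host, FILTER_VALIDATE_IP ) ? array( $host ) : gethostbynamel( $host );
    if ( empty( $ips ) ) {
        return false; // unresolvable, or an IPv6 literal we do not handle: fail closed
    }
    foreach ( $ips as $ip ) {
        $flags = FILTER_FLAG_NO_PRIV_RANGE | FILTER_FLAG_NO_RES_RANGE;
        if ( false === filter_var( $ip, FILTER_VALIDATE_IP, $flags ) ) {
            return false;
        }
    }
    return true;
}

/**
 * Hardened pattern: validate first, then use wp_safe_remote_head(), which
 * sets 'reject_unsafe_urls' so core re-validates the target. Redirects are
 * disabled so an approved public host cannot bounce the request inward.
 */
function mtli_file_size_safe( $url ) {
    if ( ! mtli_url_is_allowed( $url ) ) {
        return false;
    }
    $response = wp_safe_remote_head(
        $url,
        array(
            'timeout'     => 5,
            'redirection' => 0,
        )
    );
    if ( is_wp_error( $response ) ) {
        return false;
    }
    $length = wp_remote_retrieve_header( $response, 'content-length' );
    return is_numeric( $length ) ? (int) $length : false;
}
```

The two-layer check is deliberate: wp_safe_remote_head() alone already rejects private targets, but resolving the name in the plugin as well makes the policy visible in code review and survives a site filter that loosens core's check. The remaining gap is DNS rebinding (the name may resolve differently between this check and the HTTP client's own lookup); closing that requires pinning the resolved address at the transport layer, which the WordPress HTTP API does not expose, so on high-risk sites the safer option is to disable the 'Show file size' feature for untrusted authors.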

Added: Mar 21, 2026, 4:51 AM
Updated: Mar 21, 2026, 4:51 AM

Vulnerability Rating

Custom Algorithm
spread: 0.0
impact: 0.6
exploitability: 6.3
remediation: 0.0
relevance: 4.2
threat: 4.8
urgency: 2.9
incentive: 0.0

Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.