Content Syndication Toolkit WordPress Plugin Server-Side Request Forgery Vulnerability

A server-side request forgery (SSRF) vulnerability has been identified in the Content Syndication Toolkit plugin for WordPress, affecting all versions through 1.3. The vulnerability arises from the plugin's proxy endpoint, which is accessible to unauthenticated users. The proxy method in the Redux_P class accepts a URL from the 'url' parameter without proper validation, allowing attackers to make requests to arbitrary locations. This could be exploited to access internal services, scan network ports, or interact with cloud metadata endpoints.

Impact

Exploitation of this vulnerability allows unauthenticated attackers to make requests to internal services or external resources, potentially leading to unauthorized access or modification of data. It could also be used to scan internal network ports or interact with cloud metadata endpoints, depending on the server's configuration.

Reproduction

To reproduce this vulnerability, send a request to the WordPress site's AJAX endpoint 'wp_ajax_nopriv_redux_p' with a 'url' parameter containing the target URL. The request can be made using a tool like cURL or Postman, or through a simple script that sends the appropriate AJAX request. Since the endpoint is accessible to unauthenticated users, no login or authentication is required.

Remediation

No known patch is available. It is recommended to review the vulnerability details and consider uninstalling the affected plugin.