WowOptin Next-Gen Popup Maker WordPress Plugin Server-Side Request Forgery Vulnerability

A server-side request forgery (SSRF) vulnerability has been identified in the WowOptin: Next-Gen Popup Maker plugin for WordPress, affecting all versions through 1.4.29. The vulnerability arises from a publicly accessible REST API endpoint that allows unauthenticated users to send requests to arbitrary URLs. This is possible because the plugin does not validate or restrict user-supplied URLs before passing them to WordPress's HTTP request functions. Exploitation of this vulnerability could enable attackers to access or modify information from internal services.

Impact

Exploitation of this vulnerability allows for server-side request forgery, where an attacker can make requests from the server to internal services or external resources, potentially leading to unauthorized information disclosure or modification.

Reproduction

To reproduce this vulnerability, send a POST request to the 'optn/v1/integration-action' endpoint with a 'link' parameter containing a URL. The request can be made without authentication, and the plugin will forward the URL to 'wp_remote_get()' or 'wp_remote_post()' without any validation, allowing for arbitrary requests to be made from the server.

Remediation

Users are advised to update the WowOptin: Next-Gen Popup Maker plugin to version 1.4.30 or later, where this vulnerability has been patched.