Q: What can hackers do? (Privileges/Data)

💀 **Privileges**: None needed (Unauthenticated). 📂 **Data**: Can read internal network data, scan ports, access cloud metadata (IMDS), or perform RFI. Full server-side reach.

Q: Is exploitation threshold high? (Auth/Config)

🔓 **Threshold**: LOW. 🚫 **Auth**: No authentication required. 🌐 **Config**: Just needs the vulnerable plugin/theme installed. Easy to trigger via simple HTTP requests.

Q: Is there a public Exp? (PoC/Wild Exploitation)

🔍 **Public Exp**: YES. 📜 **PoC**: Available via Nuclei templates (ProjectDiscovery). 🌍 **Wild Exp**: High risk due to simple SSRF nature. Automated scanners can detect this easily.

Q: How to self-check? (Features/Scanning)

🔎 **Self-Check**: Scan for OnAir2/KenthaRadio versions. 🧪 **Test**: Send request to the exposed proxy endpoint with a target URI (e.g., http://127.0.0.1). If it returns content, you are vulnerable.

Q: Is it fixed officially? (Patch/Mitigation)

🩹 **Fix**: Update OnAir2 to >= 3.9.9.2 OR QT KenthaRadio to >= 2.0.2. 📥 **Action**: Check WordPress dashboard for updates immediately.

Question 1

What is this vulnerability? (Essence + Consequences)

Accepted Answer

🚨 **Essence**: SSRF & RFI via exposed proxy. 📉 **Consequences**: Server fetches content from ANY URI. Attackers can bypass firewalls, access internal services, or include remote files. Critical integrity loss.

Question 2

Root Cause? (CWE/Flaw)

Accepted Answer

🛡️ **CWE-918**: Server-Side Request Forgery (SSRF). 🐛 **Flaw**: The plugin exposes a proxy function to **unauthenticated** users. No input validation on the target URI.

Question 3

Who is affected? (Versions/Components)

Accepted Answer

📦 **Affected**: WordPress Plugins. 📌 **Specifics**: OnAir2 theme < 3.9.9.2 AND QT KenthaRadio plugin < 2.0.2. 🏢 **Vendor**: QantumThemes.

Question 4

What can hackers do? (Privileges/Data)

Accepted Answer

💀 **Privileges**: None needed (Unauthenticated). 📂 **Data**: Can read internal network data, scan ports, access cloud metadata (IMDS), or perform RFI. Full server-side reach.

Question 5

Is exploitation threshold high? (Auth/Config)

Accepted Answer

🔓 **Threshold**: LOW. 🚫 **Auth**: No authentication required. 🌐 **Config**: Just needs the vulnerable plugin/theme installed. Easy to trigger via simple HTTP requests.

Question 6

Is there a public Exp? (PoC/Wild Exploitation)

Accepted Answer

🔍 **Public Exp**: YES. 📜 **PoC**: Available via Nuclei templates (ProjectDiscovery). 🌍 **Wild Exp**: High risk due to simple SSRF nature. Automated scanners can detect this easily.

Question 7

How to self-check? (Features/Scanning)

Accepted Answer

🔎 **Self-Check**: Scan for OnAir2/KenthaRadio versions. 🧪 **Test**: Send request to the exposed proxy endpoint with a target URI (e.g., http://127.0.0.1). If it returns content, you are vulnerable.

Question 8

Is it fixed officially? (Patch/Mitigation)

Accepted Answer

🩹 **Fix**: Update OnAir2 to >= 3.9.9.2 OR QT KenthaRadio to >= 2.0.2. 📥 **Action**: Check WordPress dashboard for updates immediately.

Question 9

What if no patch? (Workaround)

Accepted Answer

🚧 **No Patch?**: Disable the plugin/theme. 🛑 **WAF**: Block requests to the specific proxy endpoint. 🧱 **Network**: Restrict outbound traffic from the web server to prevent SSRF success.

Question 10

Is it urgent? (Priority Suggestion)

Accepted Answer

⚡ **Priority**: HIGH. 🆘 **Urgency**: Critical because it requires NO auth. 📅 **Date**: Published Aug 2021. If still running old versions, patch NOW.

Goal Reached Thanks to every supporter — we hit 100%!

CVE-2021-24472 — AI Deep Analysis Summary

Q1What is this vulnerability? (Essence + Consequences)

Q2Root Cause? (CWE/Flaw)

Q3Who is affected? (Versions/Components)

Q4What can hackers do? (Privileges/Data)

Q5Is exploitation threshold high? (Auth/Config)

Q6Is there a public Exp? (PoC/Wild Exploitation)

Q7How to self-check? (Features/Scanning)

Q8Is it fixed officially? (Patch/Mitigation)

Q9What if no patch? (Workaround)

Q10Is it urgent? (Priority Suggestion)

Continue exploring