This is a summary of the AI-generated 10-question deep analysis. The full version (longer answers, follow-up Q&A, related CVEs) requires login.
Q1: What is this vulnerability? (Essence + Consequences)
**Essence**: SSRF in WPB Show Core via the `path` parameter. **Consequences**: The server makes requests to arbitrary URLs. **Impact**: Potential internal network scanning or data exfiltration.
Q2: Root cause? (CWE/Flaw)
**CWE**: SSRF (Server-Side Request Forgery). **Flaw**: Unvalidated `path` parameter in `download-file.php`. **Root**: Trusts user input for server-side HTTP requests.
Q3: Who is affected? (Versions/Components)
**Product**: WordPress plugin: WPB Show Core. **Version**: 2.2 and earlier. **Vendor**: Unknown/community plugin.
Q4: What can attackers do? (Privileges/Data)
**Action**: Force the server to fetch internal/private URLs. **Data**: Access to internal services or metadata endpoints, or firewall bypass. **Privilege**: None required (unauthenticated).
Q5: Is the exploitation threshold high? (Auth/Config)
**Auth**: None required (unauthenticated). **Config**: Standard plugin installation. **Threshold**: LOW; triggered with a single HTTP request.
Q6: Is there a public exploit? (PoC/Wild Exploitation)
**PoC**: Yes, available as a Nuclei template. **Link**: projectdiscovery/nuclei-templates. **Exploit**: Publicly known; automated scanning is likely.
Q7: How to self-check? (Features/Scanning)
**Check**: Scan your site for `download-file.php` accepting a malicious `path`. **Tool**: Nuclei, Burp Suite. **Feature**: Look for SSRF patterns in plugin endpoints.