Goal Reached Thanks to every supporter — we hit 100%!

Goal: 1000 CNY · Raised: 1000 CNY

100.0%
Buy Us a Coffee

CVE-2022-1386 PoC — Fusion Builder < 3.6.2 - Unauthenticated SSRF

Source
https://github.com/fayassgit/CVE-2022-1386-FusionBuilder-SSRF
Associated Vulnerability
Title:Fusion Builder < 3.6.2 - Unauthenticated SSRF (CVE-2022-1386)
Description:The Fusion Builder WordPress plugin before 3.6.2, used in the Avada theme, does not validate a parameter in its forms which could be used to initiate arbitrary HTTP requests. The data returned is then reflected back in the application's response. This could be used to interact with hosts on the server's local network bypassing firewalls and access control measures.
Description
Unauthenticated SSRF PoC in WordPress Fusion Builder <3.6.2 (CVE-2022-1386)
Readme
# CVE-2022-1386 – Fusion Builder < 3.6.2 - Unauthenticated SSRF

## 💥 Description

Unauthenticated Server-Side Request Forgery (SSRF) in the Fusion Builder plugin (used by the Avada WordPress theme) prior to version 3.6.2.  
Allows attackers to make HTTP requests to arbitrary URLs, potentially targeting internal services.

## 🛡 Affected Product

- Fusion Builder < 3.6.2
- Avada Theme installations using vulnerable Fusion Builder plugin

## 🔍 CVE Details

- **CVE**: [CVE-2022-1386](https://wpscan.com/vulnerability/bf7034ab-24c4-461f-a709-3f73988b536b)
- **Severity**: Critical
- **Vector**: Unauthenticated HTTP POST to `admin-ajax.php`

## 🧪 PoC Usage

```bash
python3 exploit_cve_2022_1386.py <target_url> <your_callback_url>
```

Example:
```bash
python3 exploit_cve_2022_1386.py https://vulnerable.site https://abc123.oast.fun
```

Use Interact.sh or [Burp Collaborator] to receive the callback.

📋 Sample Output
```bash
[*] Fetching nonce from target...
[*] Sending SSRF payload to https://abc123.oast.fun...
[+] SSRF confirmed: received callback from victim server.
```

📌 Notes
This PoC avoids data exfiltration.
Ethical usage only: do not exploit systems without authorization.

📚 References
https://wpscan.com/vulnerability/bf7034ab-24c4-461f-a709-3f73988b536b
https://theme-fusion.com/documentation/avada/fusion-builder-changelog/
File Snapshot

 [4.0K]  /data/pocs/a6877fd23a8ee54db922171a2e6b83804c21ee85
├── [3.5K]  exploit_cve_2022_1386.py
├── [1.3K]  README.md
└── [  17]  requirements.txt

0 directories, 3 files
Shenlong Bot has cached this for you
Remarks
    1. It is advised to access via the original source first.
    2. Local POC snapshots are reserved for subscribers — if the original source is unavailable, the local mirror is part of the paid plan.
    3. Mirroring, verifying, and maintaining this POC archive takes ongoing effort, so local snapshots are a paid feature. Your subscription keeps the archive online — thank you for the support. View subscription plans →