CVE-2021-24371 - Vulnerability Details - OpenCVE

The Import feature of the RSVPMaker WordPress plugin before 8.7.3 (/wp-admin/tools.php?page=rsvpmaker_export_screen) takes an URL input and calls curl on it, without first validating it to ensure it's a remote one. As a result, a high privilege user could use that feature to scan the internal network via a SSRF attack.

No CVSS v4.0

Attack Vector Network

Attack Complexity Low

Privileges Required High

Scope Unchanged

Confidentiality Impact Low

Integrity Impact None

Availability Impact None

User Interaction None

No CVSS v3.0

Access Vector Network

Access Complexity Low

Authentication Single

Confidentiality Impact Partial

Integrity Impact None

Availability Impact None

This CVE is not in the KEV list.

The EPSS score is 0.00224.

Key SSVC decision points have not yet been added.

Vendors	Products
Carrcommunications	Rsvpmaker

Configuration 1 [-]

cpe:2.3:a:carrcommunications:rsvpmaker:*:*:*:*:*:wordpress:*:*

No data.

No data.

Advisories

Source	ID	Title
EUVD	EUVD-2021-11284	The Import feature of the RSVPMaker WordPress plugin before 8.7.3 (/wp-admin/tools.php?page=rsvpmaker_export_screen) takes an URL input and calls curl on it, without first validating it to ensure it's a remote one. As a result, a high privilege user could use that feature to scan the internal network via a SSRF attack.

Fixes

Solution

No solution given by the vendor.

Workaround

No workaround given by the vendor.

References

Link	Providers
https://codevigilant.com/disclosure/2021/wp-plugin-rsvpmaker/
https://wpscan.com/vulnerability/63be225c-ebee-4cac-b43e-cf033ee7425d

History

No history.

MITRE

Status: PUBLISHED

Assigner: WPScan

Published: 2021-08-02T10:31:53

Updated: 2024-08-03T19:28:23.827Z

Reserved: 2021-01-14T00:00:00

Link: CVE-2021-24371

Vulnrichment

No data.

NVD

Status : Modified

Published: 2021-08-02T11:15:08.590

Modified: 2024-11-21T05:52:56.100

Link: CVE-2021-24371

Redhat

No data.

OpenCVE Enrichment

No data.

{"containers": {"cna": {"affected": [{"product": "RSVPMaker", "vendor": "Unknown", "versions": [{"lessThan": "8.7.3", "status": "affected", "version": "8.7.3", "versionType": "custom"}]}], "credits": [{"lang": "en", "value": "Shreya Pohekar of Codevigilant Project"}], "descriptions": [{"lang": "en", "value": "The Import feature of the RSVPMaker WordPress plugin before 8.7.3 (/wp-admin/tools.php?page=rsvpmaker_export_screen) takes an URL input and calls curl on it, without first validating it to ensure it's a remote one. As a result, a high privilege user could use that feature to scan the internal network via a SSRF attack."}], "problemTypes": [{"descriptions": [{"cweId": "CWE-918", "description": "CWE-918 Server-Side Request Forgery (SSRF)", "lang": "en", "type": "CWE"}]}], "providerMetadata": {"dateUpdated": "2021-08-02T10:31:53", "orgId": "1bfdd5d7-9bf6-4a53-96ea-42e2716d7a81", "shortName": "WPScan"}, "references": [{"tags": ["x_refsource_MISC"], "url": "https://wpscan.com/vulnerability/63be225c-ebee-4cac-b43e-cf033ee7425d"}, {"tags": ["x_refsource_MISC"], "url": "https://codevigilant.com/disclosure/2021/wp-plugin-rsvpmaker/"}], "source": {"discovery": "UNKNOWN"}, "title": "RSVPMaker < 8.7.3 - Authenticated (admin+) SSRF", "x_generator": "WPScan CVE Generator", "x_legacyV4Record": {"CVE_data_meta": {"ASSIGNER": "contact@wpscan.com", "ID": "CVE-2021-24371", "STATE": "PUBLIC", "TITLE": "RSVPMaker < 8.7.3 - Authenticated (admin+) SSRF"}, "affects": {"vendor": {"vendor_data": [{"product": {"product_data": [{"product_name": "RSVPMaker", "version": {"version_data": [{"version_affected": "<", "version_name": "8.7.3", "version_value": "8.7.3"}]}}]}, "vendor_name": "Unknown"}]}}, "credit": [{"lang": "eng", "value": "Shreya Pohekar of Codevigilant Project"}], "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": {"description_data": [{"lang": "eng", "value": "The Import feature of the RSVPMaker WordPress plugin before 8.7.3 (/wp-admin/tools.php?page=rsvpmaker_export_screen) takes an URL input and calls curl on it, without first validating it to ensure it's a remote one. As a result, a high privilege user could use that feature to scan the internal network via a SSRF attack."}]}, "generator": "WPScan CVE Generator", "problemtype": {"problemtype_data": [{"description": [{"lang": "eng", "value": "CWE-918 Server-Side Request Forgery (SSRF)"}]}]}, "references": {"reference_data": [{"name": "https://wpscan.com/vulnerability/63be225c-ebee-4cac-b43e-cf033ee7425d", "refsource": "MISC", "url": "https://wpscan.com/vulnerability/63be225c-ebee-4cac-b43e-cf033ee7425d"}, {"name": "https://codevigilant.com/disclosure/2021/wp-plugin-rsvpmaker/", "refsource": "MISC", "url": "https://codevigilant.com/disclosure/2021/wp-plugin-rsvpmaker/"}]}, "source": {"discovery": "UNKNOWN"}}}, "adp": [{"providerMetadata": {"orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE", "dateUpdated": "2024-08-03T19:28:23.827Z"}, "title": "CVE Program Container", "references": [{"tags": ["x_refsource_MISC", "x_transferred"], "url": "https://wpscan.com/vulnerability/63be225c-ebee-4cac-b43e-cf033ee7425d"}, {"tags": ["x_refsource_MISC", "x_transferred"], "url": "https://codevigilant.com/disclosure/2021/wp-plugin-rsvpmaker/"}]}]}, "cveMetadata": {"assignerOrgId": "1bfdd5d7-9bf6-4a53-96ea-42e2716d7a81", "assignerShortName": "WPScan", "cveId": "CVE-2021-24371", "datePublished": "2021-08-02T10:31:53", "dateReserved": "2021-01-14T00:00:00", "dateUpdated": "2024-08-03T19:28:23.827Z", "state": "PUBLISHED"}, "dataType": "CVE_RECORD", "dataVersion": "5.1"}

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:a:carrcommunications:rsvpmaker:*:*:*:*:*:wordpress:*:*", "matchCriteriaId": "BFB474F8-B7BD-4735-A452-2FC6E4736282", "versionEndExcluding": "8.7.3", "vulnerable": true}], "negate": false, "operator": "OR"}]}], "descriptions": [{"lang": "en", "value": "The Import feature of the RSVPMaker WordPress plugin before 8.7.3 (/wp-admin/tools.php?page=rsvpmaker_export_screen) takes an URL input and calls curl on it, without first validating it to ensure it's a remote one. As a result, a high privilege user could use that feature to scan the internal network via a SSRF attack."}, {"lang": "es", "value": "La funcionalidad Import del plugin RSVPMaker de WordPress versiones anteriores a 8.7.3 (/wp-admin/tools.php?page=rsvpmaker_export_screen) toma una entrada de URL y llama a curl sobre ella, sin comprobarla primero para asegurarse de que es una remota. Como resultado, un usuario con altos privilegios podr\u00eda usar esa funcionalidad para escanear la red interna por medio de un ataque SSRF"}], "id": "CVE-2021-24371", "lastModified": "2024-11-21T05:52:56.100", "metrics": {"cvssMetricV2": [{"acInsufInfo": false, "baseSeverity": "MEDIUM", "cvssData": {"accessComplexity": "LOW", "accessVector": "NETWORK", "authentication": "SINGLE", "availabilityImpact": "NONE", "baseScore": 4.0, "confidentialityImpact": "PARTIAL", "integrityImpact": "NONE", "vectorString": "AV:N/AC:L/Au:S/C:P/I:N/A:N", "version": "2.0"}, "exploitabilityScore": 8.0, "impactScore": 2.9, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": false}], "cvssMetricV31": [{"cvssData": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 2.7, "baseSeverity": "LOW", "confidentialityImpact": "LOW", "integrityImpact": "NONE", "privilegesRequired": "HIGH", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:L/I:N/A:N", "version": "3.1"}, "exploitabilityScore": 1.2, "impactScore": 1.4, "source": "nvd@nist.gov", "type": "Primary"}]}, "published": "2021-08-02T11:15:08.590", "references": [{"source": "contact@wpscan.com", "tags": ["Exploit", "Patch", "Third Party Advisory"], "url": "https://codevigilant.com/disclosure/2021/wp-plugin-rsvpmaker/"}, {"source": "contact@wpscan.com", "tags": ["Exploit", "Third Party Advisory"], "url": "https://wpscan.com/vulnerability/63be225c-ebee-4cac-b43e-cf033ee7425d"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Exploit", "Patch", "Third Party Advisory"], "url": "https://codevigilant.com/disclosure/2021/wp-plugin-rsvpmaker/"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Exploit", "Third Party Advisory"], "url": "https://wpscan.com/vulnerability/63be225c-ebee-4cac-b43e-cf033ee7425d"}], "sourceIdentifier": "contact@wpscan.com", "vulnStatus": "Modified", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-918"}], "source": "contact@wpscan.com", "type": "Secondary"}]}