CVE-2022-2912 The Craw Data WP plugin through 1.0.0 is vulnerable to SSRF as it doesn't have nonce checks.

To discover if you’re vulnerable to SSRF, you can attempt to perform a malicious search query. If you don’t have any plugin enabled that would allow someone to do so, you will get a 403 Not Found error message. The best way to determine if you’re vulnerable to SSRF is to conduct a scan of your own site. Plugins such as Sucuri, which monitor your site for any signs of hacking activity, will show a SSRF warning if you’re logged in as an admin where you can change the url value. This could allow an attacker to change the url value of a third-party site and force the site to load a malicious search query resulting in a potential for data theft. Because nonce checks are not implemented in 1.0.0, an attacker could make a logged in admin change the url value and perform a malicious craw.

2.0 – 1.0.0 Notifications Are Not Implemented

In the 1.0.0 release, CVE-2022-2912 was not implemented and notifications weren’t sent to admins when a nonce value is changed by an unauthorized user. This vulnerability could be exploited if someone were to access the admin panel of your website and make a change in the url value without logging in as an administrator.
This vulnerability can be avoided by implementing proper login security measures such as two-factor authentication.

SSRF Vulnerabilities with Sucuri

If you are using a plugin, such as Sucuri, to monitor your site for hacking activity, an alert will be triggered if an attacker attempts to exploit one of the SSRF vulnerabilities.
SSRF vulnerabilities leave entire systems vulnerable and can lead to a world of trouble. The good news is that they can be easily fixed by implementing nonce checks.
The first step in fixing this vulnerability is to ensure that you’re not vulnerable. To discover if you’re vulnerable, attempt a malicious search query. If you don’t have any plugins enabled that would allow someone to do so, your site should return a 403 error message.

What is SSRF?

SSRF stands for Server Side Request Forgery. It's a way to alter the behaviour of a website by forcing it to perform actions that you know how to do without actually having permission. By using an external site, like Google, as a 'hijacker', the attacker can modify the behavior of a website and potentially obtain data from the targeted website.

Timeline

Published on: 09/16/2022 09:15:00 UTC
Last modified on: 09/20/2022 17:40:00 UTC

References

• https://wpscan.com/vulnerability/fd9853e8-b3ae-4a10-8389-8a4a11a8297c
• https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2022-2912