Platform: wordpress
Component: qt-kentharadio
Fixed in: 2.0.2, 3.9.9.2
CVE-2021-24472 describes a critical Server-Side Request Forgery (SSRF) vulnerability affecting the KenthaRadio WordPress plugin, an addon for the Kentha Music WordPress theme. This flaw allows unauthenticated attackers to send arbitrary requests through the plugin's proxy functionality, potentially exposing sensitive internal resources or enabling Remote File Inclusion (RFI). The vulnerability impacts versions of the plugin up to and including 2.0.2, with a fix available in version 2.0.2.
The exposed proxy functionality in KenthaRadio allows attackers to craft requests that the web server will then fulfill and display. This opens the door to several severe consequences. An attacker could leverage SSRF to scan internal networks, access sensitive data stored behind firewalls (e.g., database credentials, API keys), or interact with internal services without proper authentication. The RFI component allows an attacker to include remote files, potentially executing arbitrary code on the server and gaining complete control. The lack of authentication requirements makes this vulnerability particularly dangerous, as any unauthenticated user can exploit it.
CVE-2021-24472 was publicly disclosed on June 28, 2021. While no active exploitation campaigns have been definitively confirmed, the vulnerability's critical severity and ease of exploitation make it a high-priority target. Public proof-of-concept exploits are likely to emerge. This vulnerability shares characteristics with other SSRF vulnerabilities, potentially leading to similar exploitation patterns. It is not currently listed on the CISA KEV catalog.
Websites utilizing the KenthaRadio WordPress plugin, particularly those running older versions (≤2.0.2), are at significant risk. Shared hosting environments are especially vulnerable as they often lack granular control over plugin configurations and updates. WordPress installations with limited security hardening and inadequate WAF protection are also highly susceptible to exploitation.
• wordpress / composer / npm:
  grep -r 'kentharadio_proxy' /var/www/html/wp-content/plugins/kentha-radio/
• generic web:
  curl -I 'https://your-wordpress-site.com/wp-content/plugins/kentha-radio/?kentharadio_proxy=http://internal-service/'
• wordpress / composer / npm:
  wp plugin list --status=all | grep kentha-radio

Disclosure
Exploit status:
EPSS: 89.82% (100th percentile)
CVSS vector:
The primary mitigation for CVE-2021-24472 is to immediately upgrade the KenthaRadio WordPress plugin to version 2.0.2 or later. If upgrading is not immediately feasible due to compatibility issues or breaking changes, consider implementing a Web Application Firewall (WAF) rule to block requests to the vulnerable proxy endpoint. Specifically, block requests containing suspicious URI schemes or patterns indicative of SSRF attempts. Regularly review WordPress plugin installations and ensure they are from trusted sources. Monitor web server access logs for unusual outbound requests originating from the KenthaRadio plugin.
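The log review suggested above, as an added example that is not part of the advisory or the plugin's own code: it scans constructed web-server access-log lines for requests to the plugin directory that carry the kentharadio_proxy parameter (the parameter name the advisory's detection commands use) and flags targets with a non-HTTP scheme or a non-public address. The log format, the IP ranges and the sample lines are assumptions.

```python
import re
import ipaddress
from urllib.parse import urlparse, parse_qs

# Request line of an Apache/nginx "combined" access-log entry (assumed format).
LOG_RE = re.compile(
    r'^(?P<ip>\S+) \S+ \S+ \[(?P<ts>[^\]]+)\] "(?P<method>\S+) (?P<path>\S+) \S+" (?P<status>\d{3})'
)

# Hostnames that a public proxy endpoint should never be asked to fetch.
BLOCKED_HOSTS = {"localhost", "metadata.google.internal"}

def proxy_target(request_path):
    """Return the kentharadio_proxy value for a plugin request, else None."""
    parsed = urlparse(request_path)
    if "kentha-radio" not in parsed.path:
        return None
    values = parse_qs(parsed.query).get("kentharadio_proxy")  # already URL-decoded
    return values[0] if values else None

def classify_target(target):
    """Label a proxied URL as 'scheme', 'internal' or 'ok'."""
    parsed = urlparse(target)
    if parsed.scheme not in ("http", "https"):
        return "scheme"              # file://, gopher://, php:// and similar wrappers
    host = (parsed.hostname or "").lower()
    if host in BLOCKED_HOSTS or host.endswith((".internal", ".local")):
        return "internal"
    try:
        addr = ipaddress.ip_address(host)
    except ValueError:
        return "ok"                  # public hostname; no DNS lookup done offline
    return "ok" if addr.is_global else "internal"  # RFC 1918, loopback, link-local

def find_ssrf_attempts(lines):
    """Return (client_ip, target, verdict) for every suspicious proxy request."""
    hits = []
    for line in lines:
        m = LOG_RE.match(line)
        if not m:
            continue
        target = proxy_target(m.group("path"))
        if target is None:
            continue
        verdict = classify_target(target)
        if verdict != "ok":
            hits.append((m.group("ip"), target, verdict))
    return hits

# Constructed sample log lines (documentation addresses, not real traffic).
SAMPLE_LOG = [
    '203.0.113.7 - - [28/Jun/2021:10:00:01 +0000] "GET /wp-content/plugins/kentha-radio/?kentharadio_proxy=http%3A%2F%2F10.0.0.5%2Fadmin HTTP/1.1" 200 512 "-" "curl/7.68.0"',
    '203.0.113.7 - - [28/Jun/2021:10:00:02 +0000] "GET /wp-content/plugins/kentha-radio/?kentharadio_proxy=file%3A%2F%2F%2Fetc%2Fhostname HTTP/1.1" 200 64 "-" "curl/7.68.0"',
    '198.51.100.4 - - [28/Jun/2021:10:00:03 +0000] "GET /wp-content/plugins/kentha-radio/?kentharadio_proxy=https%3A%2F%2Fstream.example.com%2Fradio HTTP/1.1" 200 2048 "-" "Mozilla/5.0"',
    '198.51.100.9 - - [28/Jun/2021:10:00:04 +0000] "GET /index.php HTTP/1.1" 200 4096 "-" "Mozilla/5.0"',
]
```

The same `classify_target` rule is what a WAF condition for the workaround would express: allow only http/https targets that resolve outside private, loopback and link-local space.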
Update to version 2.0.2 or a newer patched version.
CVE-2021-24472 is a critical SSRF vulnerability in the KenthaRadio WordPress plugin, allowing attackers to send requests through the plugin's proxy, potentially leading to RFI.
You are affected if you are using the KenthaRadio WordPress plugin version 2.0.2 or earlier. Upgrade to the latest version to mitigate the risk.
Upgrade the KenthaRadio plugin to version 2.0.2 or later. Consider implementing a WAF rule to block requests to the vulnerable proxy endpoint as a temporary workaround.
While no confirmed active exploitation campaigns are publicly known, the availability of a public proof-of-concept increases the risk of exploitation.
Refer to the KenthaRadio plugin documentation and WordPress security announcements for the official advisory regarding CVE-2021-24472.