HIGH · CVE-2024-37942 · CVSS 7.2

WordPress BerqWP plugin <= 1.7.5 - Unauthenticated Non-Blind Server Side Request Forgery (SSRF) vulnerability

Platform

wordpress

Component

searchpro

Fixed in

1.7.6

AI Confidence: high · NVD · EPSS 0.3% · Reviewed: May 2026

CVE-2024-37942 describes a Server-Side Request Forgery (SSRF) vulnerability discovered in the BerqWP WordPress plugin. This flaw allows attackers to manipulate the plugin into making requests to unintended internal or external resources, potentially leading to unauthorized data access or system compromise. The vulnerability impacts versions of BerqWP up to and including 1.7.5, with a fix released in version 1.7.6.

WordPress


Impact and Attack Scenarios

The SSRF vulnerability in BerqWP allows an attacker to craft malicious requests that the plugin will execute on behalf of the server. This can be exploited to access internal services that are not directly exposed to the internet, such as administrative panels, databases, or other sensitive resources. An attacker could potentially read sensitive data, modify configurations, or even gain a foothold for further attacks. The impact is amplified if the BerqWP plugin is used in conjunction with other plugins or services that rely on its functionality, as the SSRF vulnerability could be leveraged to compromise those systems as well. While no specific real-world exploitation has been publicly reported, SSRF vulnerabilities are frequently targeted due to their ease of exploitation and potential for significant impact.

Exploitation Context

CVE-2024-37942 was publicly disclosed on 2024-07-22. As of this date, it is not listed on the CISA KEV catalog. There are currently no publicly available proof-of-concept exploits, but the SSRF nature of the vulnerability makes it likely that exploits will emerge. The EPSS score is likely to be medium, given the relatively straightforward nature of SSRF exploitation and the widespread use of WordPress plugins.

Who Is at Risk

Websites utilizing the BerqWP plugin, particularly those running older versions (≤1.7.5), are at risk. Shared hosting environments are especially vulnerable as they often have limited control over plugin updates and security configurations. Sites that rely on BerqWP for integration with internal services or APIs are also at increased risk, as the SSRF vulnerability could be used to bypass security controls and access sensitive data.

Detection Steps

• wordpress / composer / npm:

grep -r 'wp_remote_get' /var/www/html/wp-content/plugins/berqwp/

• generic web:

curl -I https://your-wordpress-site.com/wp-content/plugins/berqwp/ | grep -i 'server:'

• wordpress / composer / npm:

wp plugin list --status=active | grep berqwp
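The grep and wp-cli steps above tell you whether BerqWP is present but not whether the installed copy is still in the affected range. The following is an added example, not code from the advisory or the BerqWP project: it reads the "Version:" field of the plugin header (the same field wp plugin list reports) and compares it against the 1.7.6 fix release. It assumes the plugin lives under wp-content/plugins/berqwp/ and that its main file carries a standard WordPress plugin header; the sample header in the demo is constructed.

```shell
#!/bin/sh
# Added example, not code from the advisory or the BerqWP project: decide whether
# an installed BerqWP copy is in the affected range (<= 1.7.5) by reading the
# "Version:" field of its plugin header.
# Assumptions: plugin directory wp-content/plugins/berqwp/, main file is a .php
# file with a standard WordPress plugin header. Needs a sort(1) that supports -V.

FIXED_VERSION="1.7.6"   # first fixed release, taken from the advisory

# Print the "Version:" value from a plugin header file (empty if none found).
plugin_version() {
    sed -n 's/^[[:space:]]*\**[[:space:]]*Version:[[:space:]]*\([0-9][0-9.]*\).*/\1/p' "$1" 2>/dev/null | head -n 1
}

# Exit 0 when version $1 sorts strictly before $2 in version order (1.7.10 > 1.7.6).
version_lt() {
    [ "$1" != "$2" ] && [ "$(printf '%s\n%s\n' "$1" "$2" | sort -V | head -n 1)" = "$1" ]
}

# Classify one header file: vulnerable / patched / unknown.
berqwp_status() {
    v=$(plugin_version "$1")
    if [ -z "$v" ]; then printf 'unknown\n'
    elif version_lt "$v" "$FIXED_VERSION"; then printf 'vulnerable\n'
    else printf 'patched\n'
    fi
}

# Classify a plugin directory: the first .php file carrying a Version header decides.
berqwp_dir_status() {
    for f in "$1"/*.php; do
        [ -n "$(plugin_version "$f")" ] && { berqwp_status "$f"; return; }
    done
    printf 'unknown\n'
}

# Demo on a constructed header (sample data, not a real BerqWP file).
demo_dir=$(mktemp -d)
printf '<?php\n/**\n * Plugin Name: BerqWP\n * Version: 1.7.5\n */\n' > "$demo_dir/berqwp.php"
printf 'constructed sample: %s\n' "$(berqwp_dir_status "$demo_dir")"
rm -rf "$demo_dir"
# On a live host: berqwp_dir_status /var/www/html/wp-content/plugins/berqwp
```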

Attack Timeline

  1. Disclosure

Threat Intelligence

Exploit Status

Proof of Concept: Unknown
CISA KEV: No
Internet Exposure: High

EPSS

0.34% (56th percentile)

CISA SSVC

Exploitation: none
Automatable: yes
Technical Impact: partial

CVSS Vector

THREAT INTELLIGENCE · CVSS 3.1
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:L/I:L/A:N
7.2 HIGH
Attack Vector: Network (how the attacker reaches the target)
Attack Complexity: Low (conditions required to exploit)
Privileges Required: None (authentication level required for the attack)
User Interaction: None (whether the victim must take action)
Scope: Changed (impact beyond the affected component)
Confidentiality: Low (risk of exposure of sensitive data)
Integrity: Low (risk of unauthorized data modification)
Availability: None (risk of service disruption)
nextguardhq.com · CVSS v3.1 Base Score

What do these metrics mean?
Attack Vector
Network: remotely exploitable over the internet. No physical or local access required.
Attack Complexity
Low: no special conditions required. Reliably exploitable.
Privileges Required
None: no authentication required to exploit.
User Interaction
None: automatic and silent attack. The victim does nothing.
Scope
Changed: the attack can extend beyond the vulnerable component to other systems.
Confidentiality
Low: partial access to some data.
Integrity
Low: the attacker can modify some data to a limited extent.
Availability
None: no availability impact.

Affected Software

Component: searchpro
Vendor: Berqier Ltd
Affected range: 0.0.0 – 1.7.5
Fixed in: 1.7.6

Package Information

Active installations: 3K (known)
Plugin rating: 4.2
Requires WordPress: 5.3+
Compatible up to: 7.0
Requires PHP: 7.4+

Weakness Classification (CWE)

Timeline

  1. Reserved
  2. Published
  3. Modified
  4. EPSS updated

Mitigation and Workarounds

The primary mitigation for CVE-2024-37942 is to immediately upgrade the BerqWP plugin to version 1.7.6 or later. If upgrading is not immediately feasible due to compatibility issues or testing requirements, consider implementing temporary workarounds. These include configuring a Web Application Firewall (WAF) to block suspicious outbound requests originating from the BerqWP plugin. Additionally, implement strict input validation to sanitize any user-supplied data that is used to construct URLs within the plugin. Monitor server logs for unusual outbound requests that may indicate exploitation attempts. After upgrading, verify the fix by attempting to trigger the SSRF vulnerability using a known payload and confirming that the request is blocked or handled safely.

How to Fix

Update the BerqWP plugin to a version higher than 1.7.5. This resolves the SSRF vulnerability. If no such version is available, consider disabling the plugin until an update is published.


Frequently Asked Questions

What is CVE-2024-37942 — SSRF in BerqWP?

CVE-2024-37942 is a Server-Side Request Forgery vulnerability affecting the BerqWP WordPress plugin, allowing attackers to make unauthorized requests.

Am I affected by CVE-2024-37942 in BerqWP?

Yes, if you are using BerqWP version 1.7.5 or earlier, you are vulnerable to this SSRF vulnerability.

How do I fix CVE-2024-37942 in BerqWP?

Upgrade BerqWP to version 1.7.6 or later to resolve the vulnerability. Implement WAF rules as a temporary workaround.

Is CVE-2024-37942 being actively exploited?

While no active exploitation has been publicly confirmed, the SSRF nature of the vulnerability makes it a likely target.

Where can I find the official BerqWP advisory for CVE-2024-37942?

Refer to the Berqier Ltd website and WordPress plugin repository for the official advisory and update information.
