CVE-2022-2633 Scanner
Detects a Server-Side Request Forgery (SSRF) vulnerability in the All-in-One Video Gallery plugin for WordPress, which affects version 2.6.0 and earlier.
Short Info
Level: High
Single Scan: Single Scan
Can be used by: Asset Owner
Estimated Time: 10 seconds
Time Interval: 4 weeks
Scan only one: Domain, IPv4
Toolbox: -
The All-in-One Video Gallery plugin for WordPress is a widely used tool for website owners to display video content on their websites. It boasts features such as customizable layouts, video previews, social media integration, and compatibility with multiple video platforms. Essentially, it provides a comprehensive solution for businesses and individuals looking to showcase their multimedia content on their WordPress site.
However, a security flaw has been identified in this plugin's code. CVE-2022-2633 is a vulnerability that allows attackers to download sensitive files from the server and, through server-side request forgery, to make requests to the server. The issue lies in the handling of the 'dl' parameter in the ~/public/video.php file. It underscores the importance of remaining vigilant about website security.
When exploited, this vulnerability could have unwanted consequences for WordPress site owners. Attackers could gain access to confidential and sensitive information, potentially leaving user data exposed. Not only that, but the compromised server could be used as a launchpad for further attacks.
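A defender-side check for the affected range given above (2.6.0 and earlier), added here as an example; it is not S4E's scanner and not the plugin's code. It reads the plugin's header version from a WordPress install on disk, assuming the standard `wp-content/plugins/<slug>` layout and `Version:` header; the slug comes from the reference URLs on this page, and the sample plugin file built by `make_sample` is constructed.

```python
import re
import tempfile
from pathlib import Path

PLUGIN_SLUG = "all-in-one-video-gallery"  # directory name, as in the page's reference URLs
LAST_AFFECTED = (2, 6)                    # 2.6.0 with trailing zeros stripped

# WordPress plugin headers carry a line such as " * Version: 2.6.0".
VERSION_RE = re.compile(r"^[ \t/*#@]*Version:\s*([0-9][0-9.]*)", re.I | re.M)

def parse_version(header):
    """Return the header version as a tuple of ints without trailing zeros, or None."""
    m = VERSION_RE.search(header)
    if not m:
        return None
    parts = [int(p) for p in m.group(1).split(".") if p]
    while parts and parts[-1] == 0:
        parts.pop()
    return tuple(parts)

def check_install(wp_root):
    """Classify one WordPress root: not-installed, unknown, affected or not-affected."""
    plugin_dir = Path(wp_root) / "wp-content" / "plugins" / PLUGIN_SLUG
    if not plugin_dir.is_dir():
        return "not-installed"
    for php in sorted(plugin_dir.glob("*.php")):
        head = php.read_text(errors="replace")[:8192]  # headers sit at the top of the file
        if "Plugin Name:" in head:
            version = parse_version(head)
            if version is None:
                return "unknown"
            return "affected" if version <= LAST_AFFECTED else "not-affected"
    return "unknown"  # directory present but no readable header: inspect by hand

def make_sample(root, version):
    """Build a constructed plugin directory for the demo; not real plugin code."""
    d = Path(root) / "wp-content" / "plugins" / PLUGIN_SLUG
    d.mkdir(parents=True)
    (d / "plugin-main.php").write_text(
        f"<?php\n/**\n * Plugin Name: Sample (constructed)\n * Version: {version}\n */\n")
    return root

if __name__ == "__main__":
    for v in ("2.5.9", "2.6.0", "2.6.1"):
        with tempfile.TemporaryDirectory() as tmp:
            print(v, check_install(make_sample(tmp, v)))
```

An "unknown" result means the plugin directory exists but no version could be read, so that install should be inspected manually rather than treated as safe.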
At S4E, we take security seriously. Our platform's pro features can quickly and easily scan websites for vulnerabilities. Website owners can take advantage of our advanced tools to understand their assets' current security state. We invite everyone to take a proactive approach to security and protect their digital assets from threats like CVE-2022-2633.
REFERENCES
- https://plugins.trac.wordpress.org/browser/all-in-one-video-gallery/trunk/public/video.php#L227
- https://plugins.trac.wordpress.org/changeset/2768384/all-in-one-video-gallery/trunk/public/video.php
- https://plugins.trac.wordpress.org/changeset?sfp_email=&sfph_mail=&reponame=&old=2744708%40all-in-one-video-gallery&new=2744708%40all-in-one-video-gallery&sfp_email=&sfph_mail
- https://www.wordfence.com/vulnerability-advisories/#CVE-2022-2633