CVE-2022-1386 Scanner
Detects 'Server-Side Request Forgery (SSRF)' vulnerability in Fusion Builder plugin for Wordpress affects v. before 3.6.2.
Short Info
Level
Critical
Single Scan
Single Scan
Can be used by
Asset Owner
Estimated Time
10 second
Time Interval
3 month
Scan only one
Domain, Ipv4
Toolbox
-
The Fusion Builder plugin for WordPress is one of the most popular page builders, used by website owners to design and create beautiful pages without dealing with complex coding. It is a product of Avada Themes, a company that offers a range of premium themes and plugins for WordPress users. This plugin is easy to use, intuitive, and comes with many customization options, making it a preferred choice for designers and developers.
However, in recent times, a severe vulnerability was discovered in the Fusion Builder plugin. Identified as CVE-2022-1386, this vulnerability is caused by a lack of validation of a parameter in its forms, which could enable attackers to initiate arbitrary HTTP requests, obtaining and controlling the data returned in the application's response. Hackers can use this vulnerability to gain access to servers on the local network, bypassing firewalls and other access control measures.
The potential consequences of exploiting this vulnerability are significant and could lead to data loss, server hijacking, and network infiltration. Attackers can use the compromised server to launch further cyber-attacks, such as malware distribution or phishing campaigns. The Fusion Builder plugin vulnerability is a severe threat to the security of WordPress websites and their users.
s4e.io is a comprehensive security platform that provides information about vulnerabilities in digital assets. With its Pro features, users can quickly and easily learn about vulnerabilities, receive alerts when new vulnerabilities are detected, and carry out in-depth analysis of their sites to identify potential risks. By signing up for s4e.io, website owners can protect their digital assets from cyber-attacks, data loss, and network infiltration. Don't wait until it's too late to protect your website and its users; sign up today.
REFERENCES