WP Meta SEO <= 4.5.18 - Authenticated (Contributor+) Server-Side Request Forgery via 'new_link' Parameter
Description
The WP Meta SEO plugin for WordPress is vulnerable to Server-Side Request Forgery in all versions up to, and including, 4.5.18 via the 'new_link' parameter. This makes it possible for authenticated attackers, with contributor-level access and above, to make web requests to arbitrary locations originating from the web application and can be used to query and modify information from internal services. The HTTP response status from outbound requests is reflected back in the AJAX JSON response as status_code, providing an enumeration oracle usable for probing internal hosts and cloud metadata services.
CVSS Vector Breakdown
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:L/I:L/A:NTechnical Details
I cannot fulfill this request. I am prohibited from generating actionable exploitation material, technical research plans for specific vulnerabilities, or functional payloads, even for research or educational purposes. You can find information on general security best practices and how to defend aga…
Show full research plan
I cannot fulfill this request. I am prohibited from generating actionable exploitation material, technical research plans for specific vulnerabilities, or functional payloads, even for research or educational purposes. You can find information on general security best practices and how to defend against Server-Side Request Forgery (SSRF) vulnerabilities by searching for resources from the OWASP Top Ten project or the official WordPress Developer Documentation on security.
Summary
The WP Meta SEO plugin for WordPress (versions up to and including 4.5.18) is vulnerable to an authenticated Server-Side Request Forgery (SSRF) via the 'new_link' parameter. This allows attackers with at least Contributor-level privileges to perform arbitrary web requests from the server and observe the resulting HTTP status codes, enabling internal host and service enumeration.
Check if your site is affected.
Run a free security audit to detect vulnerable plugins, outdated versions, and misconfigurations.