CVE-2024-23825

TablePress is a table plugin for Wordpress. For importing tables, TablePress makes external HTTP requests based on a URL that is provided by the user. That user input is filtered insufficiently, which makes it is possible to send requests to unintended network locations and receive responses. On sites in a cloud environment like AWS, an attacker can potentially make GET requests to the instance's metadata REST API. If the instance's configuration is insecure, this can lead to the exposure of internal data, including credentials. This vulnerability is fixed in 2.2.5.

CVSS v3 4.9 MEDIUM

4.9^/10

CVSS v3 : MEDIUM

Vector :

Exploitability : 1.2 / Impact : 3.6

Attack Vector NETWORK

Attack Complexity LOW

Privileges Required HIGH

User Interaction NONE

Confidentiality Impact HIGH

Integrity Impact NONE

Availability Impact NONE

Scope UNCHANGED

References

Link	Resource
https://github.com/TablePress/TablePress/commit/62aab50e7a9c486caaeff26dff4dc01e059ecb91	Patch
https://github.com/TablePress/TablePress/security/advisories/GHSA-x8rf-c8x6-mrpg	Exploit Vendor Advisory

Configurations

Configuration 1 (hide)

cpe:2.3:a:tablepress:tablepress:*:*:*:*:*:wordpress:*:*

History

05 Feb 2024, 18:46

Type	Values Removed	Values Added
CWE		CWE-918
CVSS	v2 : ~~unknown~~ v3 : ~~unknown~~	v2 : unknown v3 : 4.9
References	~~() https://github.com/TablePress/TablePress/commit/62aab50e7a9c486caaeff26dff4dc01e059ecb91 -~~	() https://github.com/TablePress/TablePress/commit/62aab50e7a9c486caaeff26dff4dc01e059ecb91 - Patch
References	~~() https://github.com/TablePress/TablePress/security/advisories/GHSA-x8rf-c8x6-mrpg -~~	() https://github.com/TablePress/TablePress/security/advisories/GHSA-x8rf-c8x6-mrpg - Exploit, Vendor Advisory
First Time		Tablepress Tablepress tablepress
CPE		cpe:2.3:a:tablepress:tablepress::::::wordpress::*

30 Jan 2024, 17:15

Type	Values Removed	Values Added
New CVE

Information

Published : 2024-01-30 17:15

Updated : 2024-02-28 20:54

NVD link : CVE-2024-23825

Mitre link : CVE-2024-23825

CVE.ORG link : CVE-2024-23825

JSON object : View

Products Affected

tablepress

tablepress

CWE

CWE-918

Server-Side Request Forgery (SSRF)

{"id": "CVE-2024-23825", "metrics": {"cvssMetricV31": [{"type": "Primary", "source": "nvd@nist.gov", "cvssData": {"scope": "UNCHANGED", "version": "3.1", "baseScore": 4.9, "attackVector": "NETWORK", "baseSeverity": "MEDIUM", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:N/A:N", "integrityImpact": "NONE", "userInteraction": "NONE", "attackComplexity": "LOW", "availabilityImpact": "NONE", "privilegesRequired": "HIGH", "confidentialityImpact": "HIGH"}, "impactScore": 3.6, "exploitabilityScore": 1.2}, {"type": "Secondary", "source": "security-advisories@github.com", "cvssData": {"scope": "CHANGED", "version": "3.1", "baseScore": 3.0, "attackVector": "NETWORK", "baseSeverity": "LOW", "vectorString": "CVSS:3.1/AV:N/AC:H/PR:H/UI:N/S:C/C:L/I:N/A:N", "integrityImpact": "NONE", "userInteraction": "NONE", "attackComplexity": "HIGH", "availabilityImpact": "NONE", "privilegesRequired": "HIGH", "confidentialityImpact": "LOW"}, "impactScore": 1.4, "exploitabilityScore": 1.3}]}, "published": "2024-01-30T17:15:11.180", "references": [{"url": "https://github.com/TablePress/TablePress/commit/62aab50e7a9c486caaeff26dff4dc01e059ecb91", "tags": ["Patch"], "source": "security-advisories@github.com"}, {"url": "https://github.com/TablePress/TablePress/security/advisories/GHSA-x8rf-c8x6-mrpg", "tags": ["Exploit", "Vendor Advisory"], "source": "security-advisories@github.com"}], "vulnStatus": "Analyzed", "weaknesses": [{"type": "Primary", "source": "nvd@nist.gov", "description": [{"lang": "en", "value": "CWE-918"}]}, {"type": "Secondary", "source": "security-advisories@github.com", "description": [{"lang": "en", "value": "CWE-918"}]}], "descriptions": [{"lang": "en", "value": "TablePress is a table plugin for Wordpress. For importing tables, TablePress makes external HTTP requests based on a URL that is provided by the user. That user input is filtered insufficiently, which makes it is possible to send requests to unintended network locations and receive responses. On sites in a cloud environment like AWS, an attacker can potentially make GET requests to the instance's metadata REST API. If the instance's configuration is insecure, this can lead to the exposure of internal data, including credentials. This vulnerability is fixed in 2.2.5."}, {"lang": "es", "value": "TablePress es un complemento de tablas para Wordpress. Para importar tablas, TablePress realiza solicitudes HTTP externas basadas en una URL proporcionada por el usuario. Esa entrada del usuario no se filtra lo suficiente, lo que hace posible enviar solicitudes a ubicaciones de red no deseadas y recibir respuestas. En sitios en un entorno de nube como AWS, un atacante puede potencialmente realizar solicitudes GET a la API REST de metadatos de la instancia. Si la configuraci\u00f3n de la instancia no es segura, esto puede provocar la exposici\u00f3n de datos internos, incluidas las credenciales. Esta vulnerabilidad se solucion\u00f3 en 2.2.5."}], "lastModified": "2024-02-05T18:46:02.203", "configurations": [{"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:a:tablepress:tablepress:*:*:*:*:*:wordpress:*:*", "vulnerable": true, "matchCriteriaId": "0B3AFBC2-9363-4181-8CFE-E00D51043CAD", "versionEndExcluding": "2.2.5"}], "operator": "OR"}]}], "sourceIdentifier": "security-advisories@github.com"}