CVE-2024-4399
Published: 2024-05-23

CVE-2024-4399: The does not validate a parameter before making a request to it, which could allow unauthenticated users to perform an SSRF attack

Priority: P2 · 64 · Severity: critical · CVSS 3.1 base score: 9.1
Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N
EXPLOIT
EPSS: 1.84% (76.3rd percentile)
Detection & IOCs (extracted from sources)
- Detect SSRF exploitation attempts targeting the 'url' parameter in get_remote_data.php of the CAS WordPress theme. Look for unauthenticated GET requests to /wp-content/themes/cas/get_remote_data.php with a 'url' query parameter pointing to external or internal hosts.
- Fingerprint vulnerable CAS theme installations by searching for the string 'themes/cas' in HTTP response bodies, as used in the nuclei template's first-stage check.
- Confirm active exploitation via out-of-band (OOB) HTTP callback: a successful SSRF will trigger an HTTP interaction from the target server to the attacker-controlled URL supplied in the 'url' parameter.
- The vulnerability is exploitable without authentication (PR:N, UI:N), meaning no session or credentials are required to trigger the SSRF via the exposed PHP script.
- The nuclei template uses a two-step flow: first confirming the CAS theme is present, then sending the SSRF payload. Detection logic should mirror this to reduce false positives.
No detection rules found.
Nuclei
WordPress CAS Theme <= 1.0.0 - Server-Side Request Forgery (nuclei · CVSS 9.1)
CVE-2024-4399 [CRITICAL] WordPress CAS Theme <= 1.0.0 - Server-Side Request Forgery
The CAS WordPress theme through version 1.0.0 is vulnerable to Server-Side Request Forgery (SSRF) via the 'url' parameter in the get_remote_data.php script. This vulnerability allows unauthenticated attackers to make the server perform requests to arbitrary URLs.
Template:

id: CVE-2024-4399

info:
  name: WordPress CAS Theme <= 1.0.0 - Server-Side Request Forgery
  author: ritikchaddha
  severity: critical
  description: |
    The CAS WordPress theme through version 1.0.0 is vulnerable to Server-Side Request Forgery (SSRF) via the 'url' parameter in the get_remote_data.php script. This vulnerability allows unauthenticated attackers to make the server perform requests to arbitrary URLs.
  impact: |
    Unauthenticated attackers can force the serve
No writeups or analysis indexed.