CVE-2024-54385
Published 2024-12-16
Priority P3 · 54 · high · CVSS 3.1 base score 7.2
CVSS vector: AV:N/AC:L/PR:N/UI:N/S:C/C:L/I:L/A:N
Exploit
EPSS: 5.11% (91.3rd percentile)
Server-Side Request Forgery (SSRF) vulnerability in princeahmed Radio Player radio-player allows Server Side Request Forgery. This issue affects Radio Player: from n/a through <= 2.0.83.
Affected (1 range)
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| princeahmed | radio_player | <= 2.0.83 | — |
Detection & IOCs (extracted from sources)
Request body used by the Nuclei template: `action=radio_player_get_stream_data&nonce={{nonce}}&utm_source=&url=http://{{interactsh-url}}/live.m3u8`
- Detect SSRF exploitation attempts by monitoring POST requests to /wp-admin/admin-ajax.php with the action parameter set to 'radio_player_get_stream_data' and an external/internal URL in the 'url' parameter.
- Presence of the Radio Player plugin can be fingerprinted via the string '/wp-content/plugins/radio-player' in the HTTP response body; use this for asset discovery and attack surface mapping.
- The exploit extracts a nonce value from the page matching the regex pattern '"nonce":"([a-z0-9]+)",\s*"isPro"'; monitor for unauthenticated nonce harvesting from the WordPress frontend prior to SSRF attempts.
- The vulnerability is exploitable by unauthenticated attackers (no authentication required); any POST to admin-ajax.php with action=radio_player_get_stream_data should be treated as suspicious regardless of session state.
- The NVD advisory states the affected version range is 'from n/a through <= 2.0.83', while the Wordfence/Nuclei template states 'up to, and including, 2.0.82'. Confirm the exact patched version before deploying version-based detection rules.
- The Nuclei template uses a two-step flow: first confirming plugin presence and extracting a nonce, then sending the SSRF payload. Detection logic should account for this two-request pattern rather than looking for a single anomalous request.
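A detection routine for the request pattern described in the bullets above, written as an added example that is not part of this page or of any vendor tooling. It assumes a WAF or reverse proxy that logs POST bodies as the data source; the event records, addresses and nonces below are constructed.

```python
from datetime import datetime, timedelta
from ipaddress import ip_address
from urllib.parse import parse_qs, urlsplit

# Constructed request records (not real traffic). A WAF or proxy that
# logs request bodies would yield the same fields.
EVENTS = [
    {"ts": "2024-12-16T10:00:00", "src": "203.0.113.7", "method": "GET",
     "path": "/", "body": ""},
    {"ts": "2024-12-16T10:00:02", "src": "203.0.113.7", "method": "POST",
     "path": "/wp-admin/admin-ajax.php",
     "body": "action=radio_player_get_stream_data&nonce=a1b2c3d4e5"
             "&utm_source=&url=http://127.0.0.1:8080/admin"},
    {"ts": "2024-12-16T10:05:00", "src": "198.51.100.9", "method": "POST",
     "path": "/wp-admin/admin-ajax.php",
     "body": "action=radio_player_get_stream_data&nonce=f6g7h8"
             "&url=https://stream.example-radio.invalid/live"},
    {"ts": "2024-12-16T10:06:00", "src": "198.51.100.9", "method": "POST",
     "path": "/wp-admin/admin-ajax.php", "body": "action=heartbeat"},
]
ACTION = "radio_player_get_stream_data"
HARVEST_WINDOW = timedelta(minutes=5)   # assumed correlation window

def target_class(url):
    """'internal' for loopback/private/link-local hosts, 'external'
    otherwise, None when the url parameter has no usable host."""
    host = urlsplit(url).hostname
    if not host:
        return None
    try:
        ip = ip_address(host)
    except ValueError:
        return "internal" if host == "localhost" else "external"
    return "internal" if (ip.is_private or ip.is_loopback or ip.is_link_local) else "external"

def detect(events):
    """One finding per admin-ajax POST with the vulnerable action. Every
    such POST is flagged (no session needed); each finding also records
    whether the same source fetched a page shortly before, i.e. the
    nonce-harvesting step of the two-request pattern."""
    findings = []
    for i, ev in enumerate(events):
        if ev["method"] != "POST" or not ev["path"].endswith("/wp-admin/admin-ajax.php"):
            continue
        params = parse_qs(ev["body"])
        if params.get("action", [""])[0] != ACTION:
            continue
        url = params.get("url", [""])[0]
        ts = datetime.fromisoformat(ev["ts"])
        harvested = any(e["src"] == ev["src"] and e["method"] == "GET"
                        and timedelta(0) <= ts - datetime.fromisoformat(e["ts"]) <= HARVEST_WINDOW
                        for e in events[:i])
        findings.append({"src": ev["src"], "url": url,
                         "target": target_class(url), "nonce_harvest_seen": harvested})
    return findings
```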
No detection rules found.
Nuclei template: Radio Player <= 2.0.82 - Server-Side Request Forgery (CVSS 7.2)
The Radio Player Live Shoutcast, Icecast and Any Audio Stream Player for WordPress plugin for WordPress is vulnerable to Server-Side Request Forgery in all versions up to, and including, 2.0.82. This makes it possible for unauthenticated attackers to make web requests to arbitrary locations originating from the web application which can be used to query and modify information from internal services.
Template:

```yaml
id: CVE-2024-54385
info:
  name: Radio Player <= 2.0.82 - Server-Side Request Forgery
  author: s4e-io
  severity: high
  description: |
    The Radio Player Live Shoutcast, Icecast and Any Audio Stream Player for WordPress plugin for WordPress is vulnerable to Server-Side Request Forgery in all versions up to, and including, 2.0.82. This m
```
No writeups or analysis indexed.
Published: 2024-12-16