CVE-2022-1386
Fusion Builder < 3.6.2 - Unauthenticated SSRF
Severity Score
Exploit Likelihood
Affected Versions
Public Exploits
5Exploited in Wild
-Decision
Descriptions
The Fusion Builder WordPress plugin before 3.6.2, used in the Avada theme, does not validate a parameter in its forms which could be used to initiate arbitrary HTTP requests. The data returned is then reflected back in the application's response. This could be used to interact with hosts on the server's local network bypassing firewalls and access control measures.
El plugin Fusion Builder de WordPress versiones anteriores a 3.6.2, usado en el tema Avada, no comprueba un parámetro en sus formularios que podría ser usado para iniciar peticiones HTTP arbitrarias. Los datos devueltos son reflejados en la respuesta de la aplicación. Esto podría ser usado para interactuar con hosts en la red local del servidor omitiendo los firewalls y las medidas de control de acceso
The Fusion Builder plugin for WordPress, an Avada theme core plugin, is vulnerable to Server-Side Request Forgery in versions up to 3.6.2 along with the Avada theme in versions up to 7.6.2. This is due to insufficient validation in one of its form parameters. This makes it possible for unauthenticated attackers to interact with internal network hosts via specially crafted requests and can lead to sensitive information disclosure on certain configurations such as AWS.
CVSS Scores
SSVC
- Decision:-
Timeline
- 2022-04-18 CVE Reserved
- 2022-04-19 CVE Published
- 2023-03-09 First Exploit
- 2024-08-03 CVE Updated
- 2024-10-15 EPSS Updated
- ---------- Exploited in Wild
- ---------- KEV Due Date
CWE
- CWE-918: Server-Side Request Forgery (SSRF)
CAPEC
References (7)
| URL | Tag | Source |
|---|
| URL | Date | SRC |
|---|---|---|
| https://github.com/ardzz/CVE-2022-1386 | 2023-03-09 | |
| https://github.com/imhunterand/CVE-2022-1386 | 2024-01-07 | |
| https://github.com/satyasai1460/CVE-2022-1386 | 2024-03-07 | |
| https://github.com/zycoder0day/CVE-2022-1386-Mass_Vulnerability | 2023-09-28 | |
| https://wpscan.com/vulnerability/bf7034ab-24c4-461f-a709-3f73988b536b | 2024-08-03 |
| URL | Date | SRC |
|---|---|---|
| https://theme-fusion.com/version-7-6-2-security-update | 2024-03-14 | |
| https://www.rootshellsecurity.net/rootshell-discovered-a-critical-vulnerability-in-top-wordpress-theme | 2024-03-14 |
| URL | Date | SRC |
|---|
Affected Vendors, Products, and Versions
| Vendor | Product | Version | Other | Status | ||||||
|---|---|---|---|---|---|---|---|---|---|---|
| Vendor | Product | Version | Other | Status | <-- --> | Vendor | Product | Version | Other | Status |
| Fusion Builder Project Search vendor "Fusion Builder Project" | Fusion Builder Search vendor "Fusion Builder Project" for product "Fusion Builder" | < 3.6.2 Search vendor "Fusion Builder Project" for product "Fusion Builder" and version " < 3.6.2" | wordpress |
Affected
| ||||||
| Theme-fusion Search vendor "Theme-fusion" | Avada Search vendor "Theme-fusion" for product "Avada" | < 7.6.2 Search vendor "Theme-fusion" for product "Avada" and version " < 7.6.2" | wordpress |
Affected
| ||||||