Broken Link Checker | Finder Blind Server-Side Request Forgery CVE-2024-12121
The Broken Link Checker | Finder plugin for WordPress is a free, simple and easy-to-install plugin for checking dead links on a WordPress site.
It is designed to find and verify links anywhere on a WordPress site, checking each one to see whether it works as expected; it also helps locate broken image links.
1. Overview
The Broken Link Checker | Finder plugin for WordPress checks, monitors and tests all internal and external links on a site, which helps with SEO and user experience.
The plugin can check all comments and posts in one pass and generate a report of the comments, posts and links that may need to be deleted or modified.
In the report tab it provides a button that redirects to the parent page of a broken link, and it also reports links that redirect to other URLs, showing where each one is redirected to.
The 栋科技 vulnerability database has noted an authenticated (Author+) blind server-side request forgery in the Broken Link Checker | Finder plugin, tracked as CVE-2024-12121.
2. Vulnerability Analysis
CVE-2024-12121 affects all versions of the WordPress Broken Link Checker | Finder plugin up to and including 2.5.0, and has a CVSS score of 5.4.
Every WordPress site running an affected version is exposed to blind server-side request forgery through the "moblc_check_link" function.
This allows authenticated attackers with Author-level access or higher to make web requests to arbitrary locations originating from the web application, which can be used to query and modify information on internal services.
broken-link-finder/trunk/controllers/class-moblc-ajax.php
Index: broken-link-finder/trunk/controllers/class-moblc-ajax.php
===================================================================
--- a/broken-link-finder/trunk/controllers/class-moblc-ajax.php
+++ b/broken-link-finder/trunk/controllers/class-moblc-ajax.php
@@ -230,5 +230,5 @@
if ( false === strpos( $body, 'Video unavailable' ) ) {
MOBLCUtility::moblc_debug_file( 'Calling wp_remote_post: ' );
- $response = wp_remote_retrieve_response_code( wp_remote_head( $edited_link_text ) );
+ $response = wp_remote_retrieve_response_code( wp_safe_remote_head( $edited_link_text ) );
$status = isset( $response ) ? $response : 'invalid link';
} else {
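Review bot: the return value of wp_safe_remote_head() still goes straight into wp_remote_retrieve_response_code() with no is_wp_error() check; when the safe variant rejects a URL (loopback or private address, disallowed scheme or port) it returns a WP_Error, wp_remote_retrieve_response_code() then yields an empty string, and `isset( $response )` is true for an empty string, so the link is recorded with a blank status instead of 'invalid link'. Suggest `if ( is_wp_error( $response ) ) { $status = 'invalid link'; }` before deriving the status. The debug message 'Calling wp_remote_post' also does not match the HEAD request actually being made.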
@@ -237,5 +237,5 @@
} else {
MOBLCUtility::moblc_debug_file( 'Calling wp_remote_post: ' );
- $response = wp_remote_retrieve_response_code( wp_remote_head( $edited_link_text ) );
+ $response = wp_remote_retrieve_response_code( wp_safe_remote_head( $edited_link_text ) );
$status = isset( $response ) ? $response : 'invalid link';
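Review bot: same gap as in the youtube branch at line 230: a WP_Error from wp_safe_remote_head() is not detected, so a rejected URL ends up with an empty status that passes the `isset( $response )` test. Guard with is_wp_error() here as well, ideally by moving the HEAD call and the status derivation into one shared helper, since both branches are identical.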
@@ -327,5 +327,5 @@
$moblc_link = moblc_relative_to_absolute( $moblc_link, get_site_url() );
$max_execution_time = ini_get( 'max_execution_time' );
- $response = wp_remote_head(
+ $response = wp_safe_remote_head(
$moblc_link,
array(
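Review bot: this call site first normalises the link with moblc_relative_to_absolute() against get_site_url(), so site-relative links resolve to the site's own host, which wp_safe_remote_head() permits even when that host maps to a private address; that keeps self-checks working. The hunk stops before the argument array, so if `$max_execution_time` feeds the request `timeout` there, confirm it is clamped: ini_get() returns 0 when the limit is unlimited, and a zero or unbounded timeout on an outbound HEAD lets one slow link stall the whole check.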
@@ -416,5 +416,5 @@
if ( $moblc_link && $moblc_link_id ) {
- $response = wp_remote_retrieve_response_code( wp_remote_head( $moblc_link ) );
+ $response = wp_remote_retrieve_response_code( wp_safe_remote_head( $moblc_link ) );
$status = isset( $response ) ? $response : 'invalid link';
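Review bot: unlike the call at line 327, `$moblc_link` is passed here without moblc_relative_to_absolute(), so a relative link has no host and wp_safe_remote_head() returns a WP_Error for it; with no is_wp_error() check that surfaces as an empty status rather than 'invalid link'. Normalise the link the same way before the HEAD call and check the error result.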
broken-link-finder/trunk/handler/class-moblc-cron.php
Index: broken-link-finder/trunk/handler/class-moblc-cron.php
===================================================================
--- a/broken-link-finder/trunk/handler/class-moblc-cron.php
+++ b/broken-link-finder/trunk/handler/class-moblc-cron.php
@@ -110,10 +110,10 @@
MOBLCUtility::moblc_debug_file( ' scanning link [tag:youtube]' );
if ( strpos( $body, 'Video unavailable' ) === false ) {
- $response = wp_remote_retrieve_response_code( wp_remote_head( $link ) );
+ $response = wp_remote_retrieve_response_code( wp_safe_remote_head( $link ) );
} else {
$status = 404;
}
} else {
- $response = wp_remote_retrieve_response_code( wp_remote_head( $link ) );
+ $response = wp_remote_retrieve_response_code( wp_safe_remote_head( $link ) );
$status = isset( $response ) ? $response : 'invalid link';
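Review bot: the cron scanner fetches links that were stored earlier, outside any user request, so the switch to wp_safe_remote_head() matters here as much as in the AJAX path; but both calls still lack an is_wp_error() check. In the youtube branch `$response` is only assigned when 'Video unavailable' is absent while `$status` is only set in the else, so make sure a URL rejected by the safe variant yields an explicit 'invalid link' rather than an empty status.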
broken-link-finder/trunk/miniorange-broken-link-settings.php
Index: broken-link-finder/trunk/miniorange-broken-link-settings.php
===================================================================
--- a/broken-link-finder/trunk/miniorange-broken-link-settings.php
+++ b/broken-link-finder/trunk/miniorange-broken-link-settings.php
@@ -3,5 +3,5 @@
* Plugin Name: Broken Link Checker/Finder
* Description: Simple & user friendly Plugin. This plugin provides features like broken link checker, loading time of the pages, report of broken link in csv/xml format, etc.
- * Version: 2.5.0
+ * Version: 2.5.1
* Author: Cyberlord92
* Author URI: https://miniorange.com
@@ -14,5 +14,5 @@
exit;
}
-define( 'MOBLC_VERSION', '2.5.0' );
+define( 'MOBLC_VERSION', '2.5.1' );
define( 'MOBLC_PLUGIN_URL', ( plugin_dir_url( __FILE__ ) ) );
global $moblc_dirname;
broken-link-finder/trunk/readme.txt
Index: broken-link-finder/trunk/readme.txt
===================================================================
--- a/broken-link-finder/trunk/readme.txt
+++ b/broken-link-finder/trunk/readme.txt
@@ -4,7 +4,7 @@
Tags: Broken Links, comment links, Dead links, SEO Optimization, broken images, Image Links, 404, embed youtube links, blogs, posts,404 error, homepage, redirection, https, automatic redirection, 404 link, soft 404, redirected, 301 seo redirect, post redirect plugin, fix 404, 404 page, redirect, redirect 404, 301, 302, seo, permalink, page not found, homepage, server error
Requires at least: 4.6
-Tested up to: 6.3
+Tested up to: 6.7.1
Requires PHP: 5.3.0
-Stable tag: 2.5.0
+Stable tag: 2.5.1
License: GPLv2 or later
License URI: https://www.gnu.org/licenses/gpl-2.0.html
@@ -72,4 +72,8 @@
== Changelog ==
+= 2.5.1 =
+* SSRF Vulnerability Fixes
+* Compatibility with WordPress 6.7
+
= 2.5.0 =
* Broken Link Checker/Finder:
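Review bot: the changelog entry should reference CVE-2024-12121 and state the behavioural change: with wp_safe_remote_head(), links to loopback or private-range hosts and to ports other than 80, 443 and 8080 are now refused rather than checked, so site owners scanning intranet links will see them reported as broken. 'Compatibility with WordPress 6.7' also differs from the 'Tested up to: 6.7.1' header in the same file.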
@@ -163,4 +167,8 @@
== Upgrade Notice ==
+= 2.5.1 =
+* SSRF Vulnerability Fixes
+* Compatibility with WordPress 6.7
+
= 2.5.0 =
* Broken Link Checker/Finder:
3. Affected Versions
Broken Link Checker | Finder <= 2.5.0
4. Remediation
Broken Link Checker | Finder >= 2.5.1
5. References