.. / CVE-2022-1386

Exploit for WordPress Fusion Builder <3.6.2 - Server-Side Request Forgery (CVE-2022-1386)

Description:

WordPress Fusion Builder plugin before 3.6.2 is susceptible to server-side request forgery. The plugin does not validate a parameter in its forms, which can be used to initiate arbitrary HTTP requests. The data returned is then reflected back in the application’s response. An attacker can potentially interact with hosts on the server’s local network, bypass firewalls, and access control measures.

Nuclei Template

View the template here CVE-2022-1386.yaml

Validate with Nuclei

echo "$URL" | nuclei -t ~/nuclei-templates/http/cves/2022/CVE-2022-1386.yaml

References:

https://www.rootshellsecurity.net/rootshell-discovered-a-critical-vulnerability-in-top-wordpress-theme/
https://github.com/ARPSyndicate/kenzer-templates
https://theme-fusion.com/version-7-6-2-security-update/
https://nvd.nist.gov/vuln/detail/CVE-2022-1386
https://wpscan.com/vulnerability/bf7034ab-24c4-461f-a709-3f73988b536b

.. / CVE-2022-1386 if(localStorage["style"]=="true"){ document.getElementById('pagestyle').setAttribute('href','/assets/styleDark.css'); document.querySelector('input[type="checkbox"]').checked = true }

Exploit for WordPress Fusion Builder <3.6.2 - Server-Side Request Forgery (CVE-2022-1386)

Description:

Nuclei Template

Validate with Nuclei

.. / CVE-2022-1386