All WordPress applications using vulnerable plugins are vulnerable to attacks like Server Side Request Forgery. An attacker can leverage server-side request forgery to make the web application perform port scanning of hosts present in the internal and external network. Commonly vulnerable SSRF plugins on WordPress are flog, jRSS and many more. Server Side Request Forgery occurs when an attacker gets control over the request sent by the user. The attacker can gain access to the server using out-of-band and time-delay vector.
The following is the example for this vulnerability:-
<?php
if (isset($_GET['URL'])){
$url = $_GET['URL'];
$image = fopen($url, 'rb');
header("Content-Type: image/png");
fpassthru($image);
}
Using this vulnerability, an attacker can:-