Wordpress W3C Total Cache <= 0.9.4 - Server Side Request Forgery (SSRF)

What is the "Wordpress W3C Total Cache <= 0.9.4 - Server Side Request Forgery (SSRF)" module?

The "Wordpress W3C Total Cache <= 0.9.4 - Server Side Request Forgery (SSRF)" module is a test case designed to detect an Unauthenticated Server Side Request Forgery (SSRF) vulnerability in the W3 Total Cache WordPress plugin. This vulnerability allows an attacker to make unauthorized requests on behalf of the server, potentially leading to further exploitation.

The severity of this vulnerability is classified as medium.

This module was authored by random_robbie.

Impact

If successfully exploited, this vulnerability could allow an attacker to bypass security measures and gain unauthorized access to sensitive information or perform actions on the server.

How does the module work?

The module sends an HTTP GET request to the "/wp-content/plugins/w3-total-cache/pub/minify.php?file=yygpKbDS1y9Ky9TLSy0uLi3Wyy9KB3NLKkqUM4CyxUDpxKzECr30_Pz0nNTEgsxiveT8XAA.css" path of the target WordPress website. It then checks the response body for the presence of the word "NessusFileIncludeTest" using a word matching condition.

If the word is found in the response body, the module considers the vulnerability as detected.

For more information about this vulnerability, you can refer to the following references:

Metadata: max-request: 1