CVE-2024-13834
📋 TL;DR
This vulnerability in the Responsive Plus WordPress plugin allows authenticated attackers with contributor-level access or higher to perform Server-Side Request Forgery (SSRF) attacks. Attackers can make arbitrary web requests from the vulnerable server, potentially accessing internal services and sensitive information. All WordPress sites using this plugin up to version 3.1.4 are affected.
💻 Affected Systems
- Responsive Plus – Starter Templates, Advanced Features and Customizer Settings for Responsive Theme WordPress plugin
📦 What is this software?
Responsive Addons by Cyberchimps
⚠️ Risk & Real-World Impact
Worst Case
Attackers could access internal services, exfiltrate sensitive data from internal networks, perform port scanning of internal systems, or chain with other vulnerabilities to achieve remote code execution.
Likely Case
Attackers with contributor access could probe internal networks, access metadata services (like AWS IMDS), or interact with internal APIs to gather information about the infrastructure.
If Mitigated
With proper network segmentation and authentication controls, impact is limited to information disclosure from services accessible to the web server.
🎯 Exploit Status
Exploitation requires contributor-level WordPress access. The vulnerability is in the 'remote_request' function which accepts arbitrary URLs.
🛠️ Fix & Mitigation
✅ Official Fix
Patch Version: 3.1.5
Vendor Advisory: https://plugins.trac.wordpress.org/changeset/3240422/responsive-add-ons
Restart Required: No
Instructions:
1. Log into the WordPress admin panel.
2. Navigate to Plugins → Installed Plugins.
3. Find the 'Responsive Plus' plugin.
4. Click 'Update Now' if an update is available.
5. Alternatively, download version 3.1.5+ from the WordPress repository and update manually.
🔧 Temporary Workarounds
Disable vulnerable plugin
Temporarily deactivate the Responsive Plus plugin until patched
wp plugin deactivate responsive-add-ons
Restrict user roles
Remove contributor-level access from untrusted users
🧯 If You Can't Patch
- Implement network segmentation to restrict web server access to internal services
- Deploy web application firewall rules to block SSRF patterns and unusual outbound requests
🔍 How to Verify
Check if Vulnerable:
Check WordPress admin → Plugins → Installed Plugins for 'Responsive Plus' version 3.1.4 or lower
Check Version:
wp plugin get responsive-add-ons --field=version
Verify Fix Applied:
Verify plugin version is 3.1.5 or higher in WordPress admin panel
📡 Detection & Monitoring
Log Indicators:
- Unusual outbound HTTP requests from web server to internal IPs
- Requests to metadata services (169.254.169.254, 100.100.100.200)
- Multiple failed authentication attempts followed by SSRF patterns
Network Indicators:
- Web server making requests to internal network ranges
- Unusual traffic patterns from web server to non-standard ports
SIEM Query:
source="web_server_logs" AND (url CONTAINS "internal_ip" OR url CONTAINS "metadata" OR url CONTAINS "localhost")
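As an added example (not part of the advisory and not the plugin's code), the script below applies the log indicators above to constructed egress log lines, flagging outbound requests to the listed metadata addresses, loopback and private ranges. The log line format (`<src> <method> <url> <status>`) and the sample lines are assumptions.

```python
import ipaddress
import re
from urllib.parse import urlparse

# Constructed sample egress log lines (not real data): "<src> <method> <url> <status>"
SAMPLE_LOG = """\
10.0.0.5 GET https://api.wordpress.org/plugins/info/1.0/responsive-add-ons.json 200
10.0.0.5 GET http://169.254.169.254/latest/meta-data/iam/security-credentials/ 200
10.0.0.5 GET http://100.100.100.200/latest/meta-data/ 200
10.0.0.5 GET http://localhost:8080/admin 403
10.0.0.5 GET http://10.0.0.12:6379/ 000
10.0.0.5 GET https://fonts.googleapis.com/css 200
"""

# Cloud metadata endpoints named in the advisory's log indicators.
METADATA_HOSTS = {"169.254.169.254", "100.100.100.200"}
LINE_RE = re.compile(r"^(\S+)\s+(\S+)\s+(\S+)\s+(\d{3})$")


def classify_url(url):
    # Return a reason if the URL targets a metadata, loopback or internal host, else None.
    host = urlparse(url).hostname
    if host is None:
        return None
    if host in METADATA_HOSTS:
        return "cloud-metadata-endpoint"
    if host == "localhost" or host.endswith(".localhost"):
        return "loopback-hostname"
    try:
        ip = ipaddress.ip_address(host)
    except ValueError:
        return None  # named host: DNS-based checks belong in the egress proxy, not here
    if ip.is_loopback:
        return "loopback-address"
    if ip.is_link_local:
        return "link-local-address"
    if ip.is_private:
        return "private-address"
    return None


def find_ssrf_indicators(log_text):
    # Scan egress log lines; return (url, reason) for each suspicious outbound request.
    hits = []
    for line in log_text.splitlines():
        m = LINE_RE.match(line)
        reason = classify_url(m.group(3)) if m else None
        if reason:
            hits.append((m.group(3), reason))
    return hits
```

Named hosts that resolve to internal addresses are deliberately not resolved here; that check belongs at the egress proxy or DNS layer, where the resolution actually happens.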