CVE-2024-54385
📋 TL;DR
A Server-Side Request Forgery (SSRF) vulnerability in the SoftLab Radio Player WordPress plugin allows attackers to make unauthorized requests from the server to internal or external systems. This affects all WordPress sites running Radio Player plugin versions up to 2.0.82. Attackers can potentially access internal services, perform port scanning, or interact with cloud metadata services.
💻 Affected Systems
- SoftLab Radio Player WordPress Plugin
⚠️ Manual Verification Required
This CVE does not have specific version information in our database, so automatic vulnerability detection cannot determine if your system is affected.
Why? The CVE database entry doesn't specify which versions are vulnerable (no version ranges provided by the vendor/NVD).
- Review the CVE details at NVD
- Check vendor security advisories for your specific version
- Test if the vulnerability is exploitable in your environment
- Consider updating to the latest version as a precaution
⚠️ Risk & Real-World Impact
Worst Case
Complete server compromise through chained attacks, data exfiltration from internal services, or cloud metadata theft leading to privilege escalation.
Likely Case
Internal network reconnaissance, access to internal APIs or services, and potential data leakage from systems reachable from the web server.
If Mitigated
Limited impact if network segmentation restricts web server access to sensitive internal systems and cloud metadata endpoints are blocked.
🎯 Exploit Status
SSRF vulnerabilities typically have low exploitation complexity, especially when unauthenticated.
🛠️ Fix & Mitigation
✅ Official Fix
Patch Version: 2.0.83 or later
Restart Required: No
Instructions:
1. Log into the WordPress admin panel.
2. Navigate to Plugins > Installed Plugins.
3. Find the Radio Player plugin.
4. Click 'Update Now' if an update is available.
5. If no update appears, manually download version 2.0.83+ from WordPress.org and replace the plugin files.
🔧 Temporary Workarounds
Network Segmentation
Restrict the web server's network access to only the external services it needs, and block access to internal network ranges and cloud metadata endpoints.
Web Application Firewall Rules
Implement WAF rules to block SSRF patterns and suspicious outbound requests originating from the web server.
🧯 If You Can't Patch
- Disable or remove the Radio Player plugin immediately
- Implement strict outbound firewall rules to block web server requests to internal IP ranges and cloud metadata services
🔍 How to Verify
Check if Vulnerable:
Check WordPress admin panel > Plugins > Installed Plugins for the Radio Player version. If the version is 2.0.82 or lower, you are vulnerable.
Check Version:
wp plugin list --name=radio-player --field=version
Verify Fix Applied:
After updating, verify Radio Player plugin shows version 2.0.83 or higher in WordPress admin panel.
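The version check above is easy to get wrong if the comparison is done on strings ("2.0.9" sorts above "2.0.83" lexically). The following is an added example, not part of this advisory or the plugin: it parses the version string that the advisory's `wp plugin list --name=radio-player --field=version` command prints and compares it numerically against the fixed release 2.0.83. The optional `wp` invocation in the `__main__` block is assumed to run on a host where WP-CLI is installed.

```python
"""Decide whether an installed Radio Player version falls in the range the advisory
calls vulnerable (2.0.82 or lower) or is at/after the fixed release (2.0.83).

Added example: not from the advisory or the plugin vendor.
"""
import re
import subprocess

FIXED_VERSION = (2, 0, 83)  # first fixed release named in the advisory


def parse_version(text):
    """Turn '2.0.82' (or '2.0.82-beta') into a tuple of ints for numeric comparison."""
    m = re.match(r"^\s*(\d+(?:\.\d+)*)", text)
    if not m:
        raise ValueError(f"unrecognised version string: {text!r}")
    return tuple(int(part) for part in m.group(1).split("."))


def is_vulnerable(version_text):
    """True when the installed version sorts below the fixed release.

    Tuple comparison avoids the string-compare pitfall where '2.0.9' would
    wrongly be treated as newer than '2.0.83'.
    """
    return parse_version(version_text) < FIXED_VERSION


if __name__ == "__main__":
    # Assumption: WP-CLI is installed; the advisory's command prints only the version.
    try:
        out = subprocess.run(
            ["wp", "plugin", "list", "--name=radio-player", "--field=version"],
            capture_output=True, text=True, check=True,
        ).stdout.strip()
        state = "VULNERABLE" if is_vulnerable(out) else "fixed"
        print(f"radio-player {out}: {state}")
    except FileNotFoundError:
        print("wp-cli not found; run this on the WordPress host")
```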
📡 Detection & Monitoring
Log Indicators:
- Unusual outbound HTTP requests from web server to internal IPs
- Requests to cloud metadata endpoints (169.254.169.254, 100.100.100.200)
- Multiple failed connection attempts to various ports from web server
Network Indicators:
- Web server making unexpected HTTP requests to internal network ranges
- Traffic from web server to cloud provider metadata services
SIEM Query:
source="web_server_logs" AND (dest_ip=169.254.169.254 OR dest_ip=100.100.100.200 OR dest_ip IN [10.0.0.0/8, 172.16.0.0/12, 192.168.0.0/16])
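The log and network indicators above can be turned into a small egress-log triage script. This is an added example, not part of the advisory: it flags outbound requests from the web server to the two cloud metadata addresses and the RFC 1918 ranges the advisory lists, and separately counts failed connections to distinct ports per source to surface the "multiple failed connection attempts to various ports" pattern. The log line format, the sample lines and the port-scan threshold are constructed assumptions; adapt the regex to your proxy or firewall log format.

```python
"""Flag web-server egress that matches the SSRF indicators in the advisory.

Added example (not from the advisory or the plugin): the log format, sample
lines and PORT_SCAN_THRESHOLD below are constructed assumptions.
"""
import ipaddress
import re
from collections import defaultdict

# Indicators taken from the advisory: cloud metadata endpoints and internal ranges.
METADATA_HOSTS = {
    ipaddress.ip_address("169.254.169.254"),
    ipaddress.ip_address("100.100.100.200"),
}
PRIVATE_NETS = [
    ipaddress.ip_network("10.0.0.0/8"),
    ipaddress.ip_network("172.16.0.0/12"),
    ipaddress.ip_network("192.168.0.0/16"),
]
# Assumed threshold: failed connections to this many distinct ports from one
# source look like port scanning rather than normal traffic.
PORT_SCAN_THRESHOLD = 5

# Constructed log format: "<ts> src=<ip> dst=<ip> dport=<n> result=<ok|refused>"
LINE_RE = re.compile(
    r"^(?P<ts>\S+) src=(?P<src>[\d.]+) dst=(?P<dst>[\d.]+) "
    r"dport=(?P<dport>\d+) result=(?P<result>\w+)$"
)

# Constructed sample: one normal request, one metadata hit, five refused
# connections to one internal host, one more normal request.
SAMPLE_LOG = """\
2024-12-01T10:00:01Z src=192.0.2.10 dst=198.51.100.7 dport=443 result=ok
2024-12-01T10:00:05Z src=192.0.2.10 dst=169.254.169.254 dport=80 result=ok
2024-12-01T10:00:09Z src=192.0.2.10 dst=10.0.3.15 dport=22 result=refused
2024-12-01T10:00:10Z src=192.0.2.10 dst=10.0.3.15 dport=3306 result=refused
2024-12-01T10:00:11Z src=192.0.2.10 dst=10.0.3.15 dport=6379 result=refused
2024-12-01T10:00:12Z src=192.0.2.10 dst=10.0.3.15 dport=8080 result=refused
2024-12-01T10:00:13Z src=192.0.2.10 dst=10.0.3.15 dport=9200 result=refused
2024-12-01T10:00:20Z src=192.0.2.10 dst=203.0.113.4 dport=443 result=ok
"""


def classify_destination(dst):
    """Return the indicator class for a destination IP, or None if unremarkable."""
    ip = ipaddress.ip_address(dst)
    if ip in METADATA_HOSTS:
        return "cloud-metadata"
    if any(ip in net for net in PRIVATE_NETS):
        return "internal-range"
    return None


def analyze_log(text):
    """Parse egress log lines and return (alerts, scan_suspects).

    alerts: list of (timestamp, dst, indicator) for each request to a flagged destination.
    scan_suspects: dict src -> sorted distinct ports, for sources whose failed
    connections spread over at least PORT_SCAN_THRESHOLD ports.
    """
    alerts = []
    failed_ports = defaultdict(set)
    for line in text.splitlines():
        m = LINE_RE.match(line)
        if not m:
            continue  # skip lines that do not match the assumed format
        indicator = classify_destination(m["dst"])
        if indicator:
            alerts.append((m["ts"], m["dst"], indicator))
        if m["result"] != "ok":
            failed_ports[m["src"]].add(int(m["dport"]))
    scan_suspects = {
        src: sorted(ports)
        for src, ports in failed_ports.items()
        if len(ports) >= PORT_SCAN_THRESHOLD
    }
    return alerts, scan_suspects


if __name__ == "__main__":
    found, scans = analyze_log(SAMPLE_LOG)
    for ts, dst, kind in found:
        print(f"{ts} {kind:15} -> {dst}")
    for src, ports in scans.items():
        print(f"possible port scan from {src}: {len(ports)} ports {ports}")
```

The SIEM query above uses an `IN [cidr, ...]` form that most query languages do not accept for subnet tests; in the script this is done with `ipaddress` membership checks, and in a SIEM it maps to that product's CIDR-matching function.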